From 0f7e794cd8e32e978897eafaf92625a9771f02e5 Mon Sep 17 00:00:00 2001 From: Kaustubh BM Date: Fri, 6 Jan 2023 18:15:15 +0530 Subject: [PATCH 1/5] Update sublist3r.py Adding the silent argument which was missed --- sublist3r.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/sublist3r.py b/sublist3r.py index 760e5ce..1c314e6 100755 --- a/sublist3r.py +++ b/sublist3r.py @@ -99,6 +99,7 @@ def parse_args(): parser.add_argument('-b', '--bruteforce', help='Enable the subbrute bruteforce module', nargs='?', default=False) parser.add_argument('-p', '--ports', help='Scan the found subdomains against specified tcp ports') parser.add_argument('-v', '--verbose', help='Enable Verbosity and display results in realtime', nargs='?', default=False) + parser.add_argument('-s', '--silent', help='Disables verbosity and runs the script silently', nargs='?', default=False) parser.add_argument('-t', '--threads', help='Number of threads to use for subbrute bruteforce', type=int, default=30) parser.add_argument('-e', '--engines', help='Specify a comma-separated list of search engines') parser.add_argument('-o', '--output', help='Save the results to text file') @@ -994,13 +995,18 @@ def interactive(): ports = args.ports enable_bruteforce = args.bruteforce verbose = args.verbose + silent = args.silent engines = args.engines if verbose or verbose is None: verbose = True + if silent: + verbose = False + silent = True if args.no_color: no_color() - banner() - res = main(domain, threads, savefile, ports, silent=False, verbose=verbose, enable_bruteforce=enable_bruteforce, engines=engines) + if not silent or silent is None: + banner() + res = main(domain, threads, savefile, ports, silent=silent, verbose=verbose, enable_bruteforce=enable_bruteforce, engines=engines) if __name__ == "__main__": interactive() From 8bc51ecee8874a8b1256b63a10e00611cd3ffb6c Mon Sep 17 00:00:00 2001 From: Kaustubh BM Date: Fri, 6 Jan 2023 18:21:59 +0530 Subject: [PATCH 2/5] Update README.md Adding support for -s argument which was missed in the code. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c860b29..8c2ae7e 100644 --- a/README.md +++ b/README.md @@ -108,6 +108,7 @@ Short Form | Long Form | Description -b | --bruteforce | Enable the subbrute bruteforce module -p | --ports | Scan the found subdomains against specific tcp ports -v | --verbose | Enable the verbose mode and display results in realtime +-s | --silent | Disables verbosity and runs the script silently -t | --threads | Number of threads to use for subbrute bruteforce -e | --engines | Specify a comma-separated list of search engines -o | --output | Save the results to text file From f79a38dae9a09886f630882e2ef79dfaa4adc646 Mon Sep 17 00:00:00 2001 From: Kaustubh BM Date: Tue, 31 Jan 2023 14:23:49 +0530 Subject: [PATCH 3/5] Update sublist3r.py removing virus total --- sublist3r.py | 121 ++++++++++++++++++++++----------------------------- 1 file changed, 53 insertions(+), 68 deletions(-) diff --git a/sublist3r.py b/sublist3r.py index 1c314e6..0f418a1 100755 --- a/sublist3r.py +++ b/sublist3r.py @@ -72,15 +72,7 @@ def no_color(): def banner(): - print("""%s - ____ _ _ _ _ _____ - / ___| _ _| |__ | (_)___| |_|___ / _ __ - \___ \| | | | '_ \| | / __| __| |_ \| '__| - ___) | |_| | |_) | | \__ \ |_ ___) | | - |____/ \__,_|_.__/|_|_|___/\__|____/|_|%s%s - - # Coded By Ahmed Aboul-Ela - @aboul3la - """ % (R, W, Y)) + return def parser_error(errmsg): @@ -99,7 +91,6 @@ def parse_args(): parser.add_argument('-b', '--bruteforce', help='Enable the subbrute bruteforce module', nargs='?', default=False) parser.add_argument('-p', '--ports', help='Scan the found subdomains against specified tcp ports') parser.add_argument('-v', '--verbose', help='Enable Verbosity and display results in realtime', nargs='?', default=False) - parser.add_argument('-s', '--silent', help='Disables verbosity and runs the script silently', nargs='?', default=False) parser.add_argument('-t', '--threads', help='Number of threads to use for subbrute bruteforce', type=int, default=30) parser.add_argument('-e', '--engines', help='Specify a comma-separated list of search engines') parser.add_argument('-o', '--output', help='Save the results to text file') @@ -674,55 +665,55 @@ class DNSdumpster(enumratorBaseThreaded): return links -class Virustotal(enumratorBaseThreaded): - def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): - subdomains = subdomains or [] - base_url = 'https://www.virustotal.com/ui/domains/{domain}/subdomains' - self.engine_name = "Virustotal" - self.q = q - super(Virustotal, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose) - self.url = self.base_url.format(domain=self.domain) - return - - # the main send_req need to be rewritten - def send_req(self, url): - try: - resp = self.session.get(url, headers=self.headers, timeout=self.timeout) - except Exception as e: - self.print_(e) - resp = None - - return self.get_response(resp) - - # once the send_req is rewritten we don't need to call this function, the stock one should be ok - def enumerate(self): - while self.url != '': - resp = self.send_req(self.url) - resp = json.loads(resp) - if 'error' in resp: - self.print_(R + "[!] Error: Virustotal probably now is blocking our requests" + W) - break - if 'links' in resp and 'next' in resp['links']: - self.url = resp['links']['next'] - else: - self.url = '' - self.extract_domains(resp) - return self.subdomains - - def extract_domains(self, resp): - #resp is already parsed as json - try: - for i in resp['data']: - if i['type'] == 'domain': - subdomain = i['id'] - if not subdomain.endswith(self.domain): - continue - if subdomain not in self.subdomains and subdomain != self.domain: - if self.verbose: - self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) - self.subdomains.append(subdomain.strip()) - except Exception: - pass +# class Virustotal(enumratorBaseThreaded): +# def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): +# subdomains = subdomains or [] +# base_url = 'https://www.virustotal.com/ui/domains/{domain}/subdomains' +# self.engine_name = "Virustotal" +# self.q = q +# super(Virustotal, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose) +# self.url = self.base_url.format(domain=self.domain) +# return +# +# # the main send_req need to be rewritten +# def send_req(self, url): +# try: +# resp = self.session.get(url, headers=self.headers, timeout=self.timeout) +# except Exception as e: +# self.print_(e) +# resp = None +# +# return self.get_response(resp) +# +# # once the send_req is rewritten we don't need to call this function, the stock one should be ok +# def enumerate(self): +# while self.url != '': +# resp = self.send_req(self.url) +# resp = json.loads(resp) +# if 'error' in resp: +# self.print_(R + "[!] Error: Virustotal probably now is blocking our requests" + W) +# break +# if 'links' in resp and 'next' in resp['links']: +# self.url = resp['links']['next'] +# else: +# self.url = '' +# self.extract_domains(resp) +# return self.subdomains +# +# def extract_domains(self, resp): +# #resp is already parsed as json +# try: +# for i in resp['data']: +# if i['type'] == 'domain': +# subdomain = i['id'] +# if not subdomain.endswith(self.domain): +# continue +# if subdomain not in self.subdomains and subdomain != self.domain: +# if self.verbose: +# self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) +# self.subdomains.append(subdomain.strip()) +# except Exception: +# pass class ThreatCrowd(enumratorBaseThreaded): @@ -920,7 +911,6 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e 'ask': AskEnum, 'netcraft': NetcraftEnum, 'dnsdumpster': DNSdumpster, - 'virustotal': Virustotal, 'threatcrowd': ThreatCrowd, 'ssl': CrtSearch, 'passivedns': PassiveDNS @@ -931,7 +921,7 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e if engines is None: chosenEnums = [ BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, - NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd, + NetcraftEnum, ThreatCrowd, CrtSearch, PassiveDNS ] else: @@ -995,18 +985,13 @@ def interactive(): ports = args.ports enable_bruteforce = args.bruteforce verbose = args.verbose - silent = args.silent engines = args.engines if verbose or verbose is None: verbose = True - if silent: - verbose = False - silent = True if args.no_color: no_color() - if not silent or silent is None: - banner() - res = main(domain, threads, savefile, ports, silent=silent, verbose=verbose, enable_bruteforce=enable_bruteforce, engines=engines) + banner() + res = main(domain, threads, savefile, ports, silent= True, verbose=verbose, enable_bruteforce=enable_bruteforce, engines=engines) if __name__ == "__main__": interactive() From 7a3b838b47cb2089dfff0f1af85688588203de5e Mon Sep 17 00:00:00 2001 From: Kaustubh BM Date: Mon, 6 Feb 2023 12:01:53 +0530 Subject: [PATCH 4/5] Update sublist3r.py Fix --- sublist3r.py | 119 ++++++++++++++++++++++++++++----------------------- 1 file changed, 66 insertions(+), 53 deletions(-) diff --git a/sublist3r.py b/sublist3r.py index 0f418a1..1c52d8c 100755 --- a/sublist3r.py +++ b/sublist3r.py @@ -72,7 +72,15 @@ def no_color(): def banner(): - return + print("""%s + ____ _ _ _ _ _____ + / ___| _ _| |__ | (_)___| |_|___ / _ __ + \___ \| | | | '_ \| | / __| __| |_ \| '__| + ___) | |_| | |_) | | \__ \ |_ ___) | | + |____/ \__,_|_.__/|_|_|___/\__|____/|_|%s%s + + # Coded By Ahmed Aboul-Ela - @aboul3la + """ % (R, W, Y)) def parser_error(errmsg): @@ -665,55 +673,55 @@ class DNSdumpster(enumratorBaseThreaded): return links -# class Virustotal(enumratorBaseThreaded): -# def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): -# subdomains = subdomains or [] -# base_url = 'https://www.virustotal.com/ui/domains/{domain}/subdomains' -# self.engine_name = "Virustotal" -# self.q = q -# super(Virustotal, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose) -# self.url = self.base_url.format(domain=self.domain) -# return -# -# # the main send_req need to be rewritten -# def send_req(self, url): -# try: -# resp = self.session.get(url, headers=self.headers, timeout=self.timeout) -# except Exception as e: -# self.print_(e) -# resp = None -# -# return self.get_response(resp) -# -# # once the send_req is rewritten we don't need to call this function, the stock one should be ok -# def enumerate(self): -# while self.url != '': -# resp = self.send_req(self.url) -# resp = json.loads(resp) -# if 'error' in resp: -# self.print_(R + "[!] Error: Virustotal probably now is blocking our requests" + W) -# break -# if 'links' in resp and 'next' in resp['links']: -# self.url = resp['links']['next'] -# else: -# self.url = '' -# self.extract_domains(resp) -# return self.subdomains -# -# def extract_domains(self, resp): -# #resp is already parsed as json -# try: -# for i in resp['data']: -# if i['type'] == 'domain': -# subdomain = i['id'] -# if not subdomain.endswith(self.domain): -# continue -# if subdomain not in self.subdomains and subdomain != self.domain: -# if self.verbose: -# self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) -# self.subdomains.append(subdomain.strip()) -# except Exception: -# pass +class Virustotal(enumratorBaseThreaded): + def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): + subdomains = subdomains or [] + base_url = 'https://www.virustotal.com/ui/domains/{domain}/subdomains' + self.engine_name = "Virustotal" + self.q = q + super(Virustotal, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose) + self.url = self.base_url.format(domain=self.domain) + return + + # the main send_req need to be rewritten + def send_req(self, url): + try: + resp = self.session.get(url, headers=self.headers, timeout=self.timeout) + except Exception as e: + self.print_(e) + resp = None + + return self.get_response(resp) + + # once the send_req is rewritten we don't need to call this function, the stock one should be ok + def enumerate(self): + while self.url != '': + resp = self.send_req(self.url) + resp = json.loads(resp) + if 'error' in resp: + self.print_(R + "[!] Error: Virustotal probably now is blocking our requests" + W) + break + if 'links' in resp and 'next' in resp['links']: + self.url = resp['links']['next'] + else: + self.url = '' + self.extract_domains(resp) + return self.subdomains + + def extract_domains(self, resp): + #resp is already parsed as json + try: + for i in resp['data']: + if i['type'] == 'domain': + subdomain = i['id'] + if not subdomain.endswith(self.domain): + continue + if subdomain not in self.subdomains and subdomain != self.domain: + if self.verbose: + self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) + self.subdomains.append(subdomain.strip()) + except Exception: + pass class ThreatCrowd(enumratorBaseThreaded): @@ -911,6 +919,7 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e 'ask': AskEnum, 'netcraft': NetcraftEnum, 'dnsdumpster': DNSdumpster, + 'virustotal': Virustotal, 'threatcrowd': ThreatCrowd, 'ssl': CrtSearch, 'passivedns': PassiveDNS @@ -921,7 +930,7 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e if engines is None: chosenEnums = [ BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, - NetcraftEnum, ThreatCrowd, + NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd, CrtSearch, PassiveDNS ] else: @@ -988,10 +997,14 @@ def interactive(): engines = args.engines if verbose or verbose is None: verbose = True + silent = args.silent if args.no_color: no_color() - banner() - res = main(domain, threads, savefile, ports, silent= True, verbose=verbose, enable_bruteforce=enable_bruteforce, engines=engines) + if silent: + verbose = False + else: + banner() + res = main(domain, threads, savefile, ports, silent=silent, verbose=verbose, enable_bruteforce=enable_bruteforce, engines=engines) if __name__ == "__main__": interactive() From 02d737549c00e8464b545bc79a30a70f555bf94c Mon Sep 17 00:00:00 2001 From: Kaustubh BM Date: Mon, 6 Feb 2023 12:10:14 +0530 Subject: [PATCH 5/5] Update sublist3r.py --- sublist3r.py | 1 + 1 file changed, 1 insertion(+) diff --git a/sublist3r.py b/sublist3r.py index 1c52d8c..6bee005 100755 --- a/sublist3r.py +++ b/sublist3r.py @@ -99,6 +99,7 @@ def parse_args(): parser.add_argument('-b', '--bruteforce', help='Enable the subbrute bruteforce module', nargs='?', default=False) parser.add_argument('-p', '--ports', help='Scan the found subdomains against specified tcp ports') parser.add_argument('-v', '--verbose', help='Enable Verbosity and display results in realtime', nargs='?', default=False) + parser.add_argument('-s', '--silent', help='Disable Verbosity and run the script silently', nargs='?', default=False) parser.add_argument('-t', '--threads', help='Number of threads to use for subbrute bruteforce', type=int, default=30) parser.add_argument('-e', '--engines', help='Specify a comma-separated list of search engines') parser.add_argument('-o', '--output', help='Save the results to text file')