From 5e7e8b8a0bb757763fd6e457a020eb5358e669cc Mon Sep 17 00:00:00 2001
From: ice3man <nizamulrana@gmail.com>
Date: Tue, 24 Apr 2018 15:50:01 +0530
Subject: [PATCH] Added Riddler Data Source

---
 README.md                               |   2 +-
 libsubfinder/engines/passive/passive.go |  16 +++-
 libsubfinder/helper/state.go            |   3 +
 libsubfinder/sources/riddler/riddler.go | 112 ++++++++++++++++++++++++
 4 files changed, 130 insertions(+), 3 deletions(-)
 create mode 100644 libsubfinder/sources/riddler/riddler.go

diff --git a/README.md b/README.md
index 4662330..5c0b522 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ So finally after working hard, here is something that I hope you guys will :hear
 - Simple and modular code base making it easy to contribute.
 - Fast And Powerful Bruteforcing Module (In Development)
 - Powerful Permutation generation engine. (In Development)
-- Many Passive Data Sources (CertDB, CertSpotter, crtsh, DNSDumpster, FindSubdomains, Hackertarget, Netcraft, PassiveTotal, PTRArchive, SecurityTrails, Threatcrowd, VirusTotal, Waybackarchive, Threatminer)
+- Many Passive Data Sources (CertDB, CertSpotter, crtsh, DNSDumpster, FindSubdomains, Hackertarget, Netcraft, PassiveTotal, PTRArchive, SecurityTrails, Threatcrowd, VirusTotal, Waybackarchive, Threatminer, Riddler)
 - Multiple Output formats
 
 ## Install
diff --git a/libsubfinder/engines/passive/passive.go b/libsubfinder/engines/passive/passive.go
index e40447b..a5f43a4 100644
--- a/libsubfinder/engines/passive/passive.go
+++ b/libsubfinder/engines/passive/passive.go
@@ -26,6 +26,7 @@ import (
 	"github.com/ice3man543/subfinder/libsubfinder/sources/netcraft"
 	"github.com/ice3man543/subfinder/libsubfinder/sources/passivetotal"
 	"github.com/ice3man543/subfinder/libsubfinder/sources/ptrarchive"
+	"github.com/ice3man543/subfinder/libsubfinder/sources/riddler"
 	"github.com/ice3man543/subfinder/libsubfinder/sources/securitytrails"
 	"github.com/ice3man543/subfinder/libsubfinder/sources/threatcrowd"
 	"github.com/ice3man543/subfinder/libsubfinder/sources/threatminer"
@@ -50,12 +51,13 @@ type Source struct {
 	Netcraft       bool
 	Waybackarchive bool
 	Threatminer    bool
+	Riddler        bool
 
 	NoOfSources int
 }
 
 func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
-	sourceConfig := Source{false, false, false, false, false, false, false, false, false, false, false, false, false, false, 0}
+	sourceConfig := Source{false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 0}
 
 	fmt.Printf("\n")
 	if state.Sources == "all" {
@@ -75,10 +77,11 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 			fmt.Printf("\n[-] Searching For Subdomains in Securitytrails")
 			fmt.Printf("\n[-] Searching For Subdomains in WaybackArchive")
 			fmt.Printf("\n[-] Searching For Subdomains in ThreatMiner")
+			fmt.Printf("\n[-] Searching For Subdomains in Riddler")
 			fmt.Printf("\n[-] Searching For Subdomains in Netcraft\n")
 		}
 
-		sourceConfig = Source{true, true, true, true, true, true, true, true, true, true, true, true, true, true, 14}
+		sourceConfig = Source{true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 15}
 	} else {
 		// Check data sources and create a source configuration structure
 
@@ -168,6 +171,12 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 				}
 				sourceConfig.Threatminer = true
 				sourceConfig.NoOfSources = sourceConfig.NoOfSources + 1
+			} else if source == "riddler" {
+				if state.Silent != true {
+					fmt.Printf("\n[-] Searching For Subdomains in Riddler")
+				}
+				sourceConfig.Riddler = true
+				sourceConfig.NoOfSources = sourceConfig.NoOfSources + 1
 			}
 		}
 	}
@@ -219,6 +228,9 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 	if sourceConfig.Threatminer == true {
 		go threatminer.Query(state, ch)
 	}
+	if sourceConfig.Riddler == true {
+		go riddler.Query(state, ch)
+	}
 
 	// Recieve data from all goroutines running
 	for i := 0; i < sourceConfig.NoOfSources; i++ {
diff --git a/libsubfinder/helper/state.go b/libsubfinder/helper/state.go
index 213c875..dbbc92e 100644
--- a/libsubfinder/helper/state.go
+++ b/libsubfinder/helper/state.go
@@ -40,6 +40,9 @@ type Config struct {
 	PassivetotalKey      string `json:"passivetotalKey"`      // PassiveTotal api key
 
 	SecurityTrailsKey string `json:"securitytrailsKey"` // SecurityTrails api key
+
+	RiddlerEmail    string `json:"riddlerEmail"`    // Riddler Email
+	RiddlerPassword string `json:"riddlerPassword"` // Riddler Password
 }
 
 func InitState() (state State, err error) {
diff --git a/libsubfinder/sources/riddler/riddler.go b/libsubfinder/sources/riddler/riddler.go
new file mode 100644
index 0000000..330843a
--- /dev/null
+++ b/libsubfinder/sources/riddler/riddler.go
@@ -0,0 +1,112 @@
+//
+// Written By : @ice3man (Nizamul Rana)
+//
+// Distributed Under MIT License
+// Copyrights (C) 2018 Ice3man
+//
+
+// A Parser for subdomains from Riddler
+package riddler
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	"github.com/ice3man543/subfinder/libsubfinder/helper"
+)
+
+type authentication struct {
+	Response struct {
+		User struct {
+			Authentication_token string `json:"authentication_token"`
+		} `json:"user"`
+	} `json:"response"`
+}
+
+type host struct {
+	Host string `json:"host"`
+}
+
+var hostResponse []host
+
+var auth authentication
+
+// all subdomains found
+var subdomains []string
+
+// Query function returns all subdomains found using the service.
+func Query(state *helper.State, ch chan helper.Result) {
+	var result helper.Result
+	result.Subdomains = subdomains
+
+	hc := http.Client{}
+
+	var data = []byte(`{"email":"` + state.ConfigState.RiddlerEmail + `", "password":"` + state.ConfigState.RiddlerPassword + `"}`)
+
+	// Create a post request to get subdomain data
+	req, err := http.NewRequest("POST", "https://riddler.io/auth/login", bytes.NewBuffer(data))
+	req.Header.Add("Content-Type", "application/json")
+
+	resp, err := hc.Do(req)
+
+	// Get the response body
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		result.Error = err
+		ch <- result
+		return
+	}
+
+	err = json.Unmarshal([]byte(body), &auth)
+	if err != nil {
+		result.Subdomains = subdomains
+		result.Error = err
+		ch <- result
+		return
+	}
+
+	data = []byte(`{"query":"pld:` + state.Domain + `", "output":"host", "limit":500}`)
+
+	req, err = http.NewRequest("POST", "https://riddler.io/api/search", bytes.NewBuffer(data))
+	req.Header.Add("Content-Type", "application/json")
+	req.Header.Add("Authentication-Token", auth.Response.User.Authentication_token)
+
+	resp, err = hc.Do(req)
+
+	// Get the response body
+	body, err = ioutil.ReadAll(resp.Body)
+	if err != nil {
+		result.Error = err
+		ch <- result
+		return
+	}
+
+	err = json.Unmarshal([]byte(body), &hostResponse)
+	if err != nil {
+		result.Subdomains = subdomains
+		result.Error = err
+		ch <- result
+		return
+	}
+
+	for _, host := range hostResponse {
+
+		subdomain := host.Host
+		if state.Verbose == true {
+			if state.Color == true {
+				fmt.Printf("\n[%sRIDDLER%s] %s", helper.Red, helper.Reset, subdomain)
+			} else {
+				fmt.Printf("\n[RIDDLER] %s", subdomains)
+			}
+		}
+
+		subdomains = append(subdomains, subdomain)
+	}
+
+	result.Subdomains = subdomains
+	result.Error = nil
+	ch <- result
+}