Added CertDB Data Source

libsubfinder/engines/passive/passive.go

@@ -17,6 +17,7 @@ import (
 
 	// Load different Passive data sources
 	"subfinder/libsubfinder/sources/certspotter"
+	"subfinder/libsubfinder/sources/certdb"
 	"subfinder/libsubfinder/sources/crtsh"
 	"subfinder/libsubfinder/sources/hackertarget"
 	"subfinder/libsubfinder/sources/findsubdomains"
@@ -33,6 +34,7 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 
 	// TODO : Add Selection for search sources
 	fmt.Printf("\n\n[-] Searching For Subdomains in Crt.sh")
+	fmt.Printf("\n[-] Searching For Subdomains in CertDB")
 	fmt.Printf("\n[-] Searching For Subdomains in Certspotter")
 	fmt.Printf("\n[-] Searching For Subdomains in Threatcrowd")
 	fmt.Printf("\n[-] Searching For Subdomains in Findsubdomains")
@@ -43,10 +45,11 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 	fmt.Printf("\n[-] Searching For Subdomains in Virustotal")
 	fmt.Printf("\n[-] Searching For Subdomains in Netcraft\n")
 
-	ch := make(chan helper.Result, 10)
+	ch := make(chan helper.Result, 11)
 
 	// Create goroutines for added speed and recieve data via channels
 	go crtsh.Query(state, ch)
+	go certdb.Query(state, ch)
 	go certspotter.Query(state, ch)
 	go hackertarget.Query(state, ch)
 	go findsubdomains.Query(state, ch)
@@ -58,7 +61,7 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 	go netcraft.Query(state, ch)
 
 	// recieve data from all goroutines running
-	for i := 1; i <= 10; i++ {
+	for i := 1; i <= 11; i++ {
 		result := <-ch
 
 		if result.Error != nil {

libsubfinder/sources/certdb/certdb.go

@@ -0,0 +1,111 @@
+// 
+// certdb.go : A CertDB Subdomain parser in golang
+// Written By : @ice3man (Nizamul Rana)
+// 
+// Distributed Under MIT License
+// Copyrights (C) 2018 Ice3man
+//
+
+package certdb
+
+import (
+	"io/ioutil"
+	"fmt"
+	"regexp"
+
+	"subfinder/libsubfinder/helper"
+)
+
+// all subdomains found
+var subdomains []string 
+
+// Parser subdomains from SSL Certificate Information Page
+func findSubdomains(link string, state *helper.State) (subdomainsfound []string, err error) {
+	resp, err := helper.GetHTTPResponse("https://certdb.com"+link, state.Timeout)
+	if err != nil {
+		return subdomainsfound, err
+	}
+
+    // Get the response body
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return subdomainsfound, err
+	}
+
+	src := string(body)
+
+	SubdomainRegex, err := regexp.Compile("<a href=\"https://certdb.com/domain/(.*)\"  target='_blank' class='link-underlined' >")
+	if err != nil {
+		return subdomainsfound, err
+	}
+
+	match := SubdomainRegex.FindAllStringSubmatch(src, -1)
+
+   	for _, link := range match {
+   		subdomainsfound = append(subdomainsfound, link[1])
+	}
+
+	return subdomainsfound, nil
+}	
+
+// 
+// Query : Queries awesome CertDB service for subdomains
+// @param state : current application state, holds all information found
+//
+func Query(state *helper.State, ch chan helper.Result) {
+
+	var result helper.Result
+	result.Subdomains = subdomains
+
+	// Make a http request to CertDB
+	resp, err := helper.GetHTTPResponse("https://certdb.com/domain/"+state.Domain, state.Timeout)
+	if err != nil {
+		result.Error = err
+		ch <- result
+		return
+	}
+
+    // Get the response body
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		result.Error = err
+		ch <- result
+		return
+	}
+
+	src := string(body)
+
+	// Get links for all the SSL Certficates found
+	Regex, _ := regexp.Compile("<a href=\"(.*)\" class=\"see-more-link\">See more →</a>")
+	match := Regex.FindAllStringSubmatch(src, -1)
+
+	var initialSubs []string
+
+   	for _, link := range match {
+   		subsReturned, err := findSubdomains(link[1], state)
+   		if err != nil {
+			result.Error = err
+			ch <- result
+			return
+		}
+
+		initialSubs = append(initialSubs, subsReturned...)
+	}
+
+	for _, subdomain := range initialSubs {
+		if state.Verbose == true {
+			if state.Color == true {
+				fmt.Printf("\n[%sCERTDB%s] %s", helper.Red, helper.Reset, subdomain)
+			} else {
+				fmt.Printf("\n[CERTDB] %s", subdomains)
+			}
+		}
+
+		subdomains = append(subdomains, subdomain)
+    }
+
+
+  	result.Subdomains = subdomains
+	result.Error = nil
+	ch <-result
+}

libsubfinder/sources/dnsdumpster/dnsdumpster.go

@@ -36,7 +36,7 @@ func Query(state *helper.State, ch chan helper.Result) {
 	var result helper.Result
 	result.Subdomains = subdomains
 
-	// Make a http request to Netcraft
+	// Make a http request to DNSDumpster
 	resp, gCookies, err := helper.GetHTTPCookieResponse("https://dnsdumpster.com", gCookies, state.Timeout)
 	if err != nil {
 		result.Error = err

libsubfinder/sources/passivetotal/passivetotal.go

@@ -97,10 +97,11 @@ func Query(state *helper.State, ch chan helper.Result) {
 		result.Subdomains = subdomains
 		result.Error = nil
 		ch <-result
+		return
+	} else {
+		result.Subdomains = subdomains
+		result.Error = nil
+		ch <- result
+		return
 	}
-
-	result.Subdomains = subdomains
-	result.Error = nil
-	ch <- result
-	return
 }

libsubfinder/sources/ptrarchive/ptrarchive.go

@@ -20,7 +20,7 @@ import (
 var subdomains []string 
 
 // 
-// Query : Queries awesome DNSDumpster service for subdomains
+// Query : Queries awesome CertDB service for subdomains
 // @param state : current application state, holds all information found
 //
 func Query(state *helper.State, ch chan helper.Result) {
@@ -28,7 +28,7 @@ func Query(state *helper.State, ch chan helper.Result) {
 	var result helper.Result
 	result.Subdomains = subdomains
 
-	// Make a http request to Netcraft
+	// Make a http request to CertDB
 	resp, err := helper.GetHTTPResponse("http://ptrarchive.com/tools/search2.htm?label="+state.Domain+"&date=ALL", state.Timeout)
 	if err != nil {
 		result.Error = err

libsubfinder/sources/virustotal/virustotal.go

@@ -101,12 +101,13 @@ func Query(state *helper.State, ch chan helper.Result) {
 		result.Subdomains = subdomains
 		result.Error = nil
 		ch <-result
+		return 
+	} else {
+		var subdomains []string
+		
+		result.Subdomains = subdomains
+		result.Error = nil
+		ch <- result
+		return
 	}
-
-	var subdomains []string
-	
-	result.Subdomains = subdomains
-	result.Error = nil
-	ch <- result
-	return
 }