daffainfo
/
subfinder
mirror of https://github.com/daffainfo/subfinder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated Commenting Style and some other misc. changes

master
ice3man 2018-04-16 15:16:54 +05:30
parent 1ff3343df3
commit a2655d66b4
21 changed files with 94 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config.json
View File

@ -1,8 +0,0 @@
{
"virustotalApikey":"",
"passivetotalUsername":"",
"passivetotalKey":"",
"securitytrailsKey":""
}

14
libsubfinder/engines/passive/passive.go
View File

@ -1,13 +1,12 @@
//
// passive.go : Passive Subdomain Discovery Helper method
// Calls all the functions and also manages error handling
//
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// All Rights Reserved
// Passive Subdomain Discovery Helper method
// Calls all the functions and also manages error handling
package passive
import (
@ -32,6 +31,8 @@ import (
"github.com/ice3man543/subfinder/libsubfinder/sources/securitytrails"
)
// Sources configuration structure specifying what should we use
// to do passive subdomain discovery.
type Source struct {
Certdb bool
Crtsh bool
@ -144,7 +145,7 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
if sourceConfig.Securitytrails == true { go securitytrails.Query(state, ch) }
if sourceConfig.Netcraft == true { go netcraft.Query(state, ch) }
// recieve data from all goroutines running
// Recieve data from all goroutines running
for i := 0; i < sourceConfig.NoOfSources; i++ {
result := <-ch
@ -163,8 +164,7 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
validPassiveSubdomains := helper.Validate(state, uniquePassiveSubdomains)
var PassiveSubdomains []string
// TODO : Fix Wildcard elimination methods
if state.Alive == true {
// Nove remove all wildcard subdomains
PassiveSubdomains = helper.RemoveWildcardSubdomains(state, validPassiveSubdomains)

10
libsubfinder/helper/color.go
View File

@ -1,16 +1,16 @@
//
// color.go : Contains color constants for printing
//
// Contains color constants for printing
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
package helper
// use like this
// fmt.Printf("[%sCRTSH%s] %s", r, rs, subdomain)
// Use like this
// fmt.Printf("[%sCRTSH%s] %s", r, rs, subdomain)
var (
Red = "\033[31;1;4m" // red color
Cyan = "\033[36;6;2m" // cyan color

16
libsubfinder/helper/misc.go
View File

@ -1,4 +1,4 @@
//
//
// misc.go : contains misc helper function
// Written By : @ice3man (Nizamul Rana)
//
@ -29,8 +29,6 @@ type BruteforceResult struct {
Error error // Error
}
//
// NewUUID generates a random UUID according to RFC 4122
// Taken from : https://play.golang.org/p/4FkNSiUDMg
//
@ -48,12 +46,7 @@ func NewUUID() (string, error) {
return fmt.Sprintf("%x-%x-%x-%x-%x", uuid[0:4], uuid[4:6], uuid[6:8], uuid[8:10], uuid[10:]), nil
}
//
// ReadConfigFile : Reads a config file from disk
//
// @return config : configuration structure
// @return err : if no error nil, else error
//
// Reads a config file from disk and returns Configuration structure
func ReadConfigFile() (configuration *Config, err error) {
var config Config
@ -72,10 +65,9 @@ func ReadConfigFile() (configuration *Config, err error) {
return &config, nil
}
//
// Returns unique items in a slice
// Adapted from http://www.golangprograms.com/remove-duplicate-values-from-slice.html
//
func Unique(elements []string) []string {
// Use map to record duplicates as we find them.
encountered := map[string]bool{}
@ -95,9 +87,7 @@ func Unique(elements []string) []string {
return result
}
//
// Returns valid subdomains found ending with target domain
//
func Validate(state *State, strslice []string) (subdomains []string) {
for _, entry := range strslice {
if strings.HasSuffix(entry, state.Domain) {

35
libsubfinder/helper/search.go
View File

@ -23,43 +23,22 @@ type BaseSearchConfiguration struct {
AllSubdomains []string // All Subdomains found so far
}
//
// CheckMaxSubdomains : Check if we have found maximum subdomains on the page
// @params config : Current configuration object
//
// @return true/false : If yes, true if no false
//
func CheckMaxSubdomains(config *BaseSearchConfiguration) (result bool) {
// CheckMaxSubdomains checks if maximum number of domains was found.
func CheckMaxSubdomains(config *BaseSearchConfiguration) bool {
// If we have no limit on max domains on pages
if config.MaxDomains == 0 {
return false
}
// If the number of subdomains on current page is >= max subdomains per page,
// return true.
if len(config.CurrentSubdomains) >= config.MaxDomains {
return true
}
return false
return len(config.CurrentSubdomains) >= config.MaxDomains
}
//
// CheckMaxPages : Check if we have found maximum pages per service
// @params config : Current configuration object
//
// @return true/false : If yes, true if no false
//
func CheckMaxPages(config *BaseSearchConfiguration) (result bool) {
// CheckMaxPages checks if maximum number of pages per service was found.
func CheckMaxPages(config *BaseSearchConfiguration) bool {
// If we have no limit on max pages
if config.MaxPages == 0 {
return false
}
// If the current page is >= Max Pages, return True
if config.CurrentPageNo >= config.MaxPages {
return true
}
return false
}
return config.CurrentPageNo >= config.MaxPages
}

27
libsubfinder/helper/sources.go
View File

@ -16,14 +16,10 @@ import (
"time"
)
//
// GetHTTPResponse : Returns a HTTP Response object
// @param url : URL To Visit (Note, It needs full url with scheme)
// @param timeout : Seconds to wait for response until timeout
//
// @return resp : HTTP Response object
// @return err : nil if successfull else error
//
// It needs URL To Visit. Note, It needs full url with scheme and a timeout value.
// It returns a HTTP Response object
func GetHTTPResponse(url string, timeout int) (resp *http.Response, err error) {
tr := &http.Transport{
@ -40,9 +36,6 @@ func GetHTTPResponse(url string, timeout int) (resp *http.Response, err error) {
return resp, err
}
// TODO : Figure out a way to handle user agents as per user intention
// @codingo, I don't think it's correct to spam services by making requests with fake user agent
// What do you think
req.Header.Set("User-Agent", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1")
req.Header.Add("Connection", "close")
@ -54,16 +47,10 @@ func GetHTTPResponse(url string, timeout int) (resp *http.Response, err error) {
return resp, nil
}
//
// GetHTTPCookieResponse : Returns a HTTP Response object with a cookie object containing current cookies
// @param url : URL To Visit (Note, It needs full url with scheme)
// @params cookies : Cookies to send with the request
// @param timeout : Seconds to wait for response until timeout
//
// @return resp : HTTP Response object
// @return cookie : Cookies recieved with the Request
// @return err : nil if successfull else error
//
// GetHTTPResponse : Returns a HTTP Response object
// It needs URL To Visit and a cookie array to send with request.
// Note, It needs full url with scheme and a timeout value.
// It returns a HTTP Response object with a cookie array.
func GetHTTPCookieResponse(urls string, cookies []*http.Cookie, timeout int) (resp *http.Response, cookie []*http.Cookie, err error) {
var curCookieJar *cookiejar.Jar

63
libsubfinder/helper/wildcard.go
View File

@ -13,6 +13,8 @@ import (
"fmt"
"sync"
"strings"
//"github.com/miekg/dns"
)
// Method to eliminate Wildcard Is based on OJ Reeves Work on Gobuster Project
@ -25,7 +27,7 @@ func InitializeWildcardDNS(state *State) bool {
// as our random UUID one
uuid, _ := NewUUID()
// Detection Logic adapted from GoBuster by @thecolonial
// Gets a list of IP's by resolving a non-existent host
wildcardIPs, err := net.LookupHost(fmt.Sprintf("%s.%s", uuid, state.Domain))
if err == nil{
@ -39,39 +41,30 @@ func InitializeWildcardDNS(state *State) bool {
return false
}
//
// CheckWildcardSubdomain : Checks if a given subdomain is a wildcard subdomain
// @argument state : Current application state
// @argument domain : Domain to find subdomains for
// @argument channel : Both request and response channel. If blank, it means a wildcard subdomain
func CheckWildcardSubdomain(state *State, domain string, channel chan string) {
// TODO: Add custom resolver list support
preparedSubdomain := <-channel + "." + domain
ipAddress, err := net.LookupHost(preparedSubdomain)
if err == nil {
// No eror, let's see if it's a Wildcard subdomain
if !state.WildcardIPs.ContainsAny(ipAddress) {
channel <- preparedSubdomain
return
// Checks if a given subdomain is a wildcard subdomain
// It takes Current application state, Domain to find subdomains for
func CheckWildcardSubdomain(state *State, domain string, words chan string, donech chan struct{}, result chan string) {
for target := range channel {
preparedSubdomain := target + "." + domain
ipAddress, err := net.LookupHost(preparedSubdomain)
if err == nil {
// No eror, let's see if it's a Wildcard subdomain
if !state.WildcardIPs.ContainsAny(ipAddress) {
channel <- preparedSubdomain
} else {
// This is likely a wildcard entry, skip it
channel <- ""
}
} else {
// This is likely a wildcard entry, skip it
channel <- ""
return
channel <- ""
}
} else {
channel <- ""
return
}
channel <- ""
return
channel <- ""
}
}
//
// RemoveWildcardSubdomains : Removes bad wildcard subdomains
// @argument subdomains : Subdomains list
// @return []string : List of valid subdomains
// Removes bad wildcard subdomains from list of subdomains.
func RemoveWildcardSubdomains(state *State, subdomains []string) []string {
wildcard := InitializeWildcardDNS(state)
if wildcard == true {
@ -83,18 +76,18 @@ func RemoveWildcardSubdomains(state *State, subdomains []string) []string {
var wg sync.WaitGroup
var channel = make(chan string)
for i := 0; i < state.Threads; i++ {
wg.Add(1)
wg.Add(state.Threads)
for i := 0; i < state.Threads; i++ {
go func() {
defer wg.Done()
CheckWildcardSubdomain(state, state.Domain, channel)
wg.Done()
}()
}
for _, entry := range subdomains {
// Get the subdomain. Some complex logic here :-) lol
sub := strings.Join(strings.Split(entry, ".")[:2][:], ".")
fmt.Printf("\n[!] %s", sub+"."+state.Domain)
channel <- sub
}
@ -108,5 +101,9 @@ func RemoveWildcardSubdomains(state *State, subdomains []string) []string {
}
}
close(channel)
wg.Wait()
return validSubdomains
}

4
libsubfinder/output/output.go
View File

@ -1,11 +1,11 @@
//
// output.go : Contains different functions for reporting
//
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// Contains different functions for reporting
package output
import (

10
libsubfinder/sources/certdb/certdb.go
View File

@ -1,11 +1,11 @@
//
// certdb.go : A CertDB Subdomain parser in golang
//
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A CertDB Subdomain parser in golang
package certdb
import (
@ -54,10 +54,8 @@ func findSubdomains(link string, state *helper.State, channel chan []string) {
return
}
//
// Query : Queries awesome CertDB service for subdomains
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

7
libsubfinder/sources/certspotter/certspotter.go
View File

@ -1,11 +1,11 @@
//
// certspotter.go : A Golang based client for Certspotter Parsing
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A Golang based client for Certspotter Parsing
package certspotter
import (
@ -28,10 +28,7 @@ var certspotter_data []certspotter_object
// all subdomains found
var subdomains []string
//
// Query : Queries awesome Certspotter service for subdomains
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
// Create a result object

7
libsubfinder/sources/crtsh/crtsh.go
View File

@ -1,11 +1,11 @@
//
// crtsh.go : A Golang based client for CRT.SH Parsing
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A Golang based client for CRT.SH Parsing
package crtsh
import (
@ -29,10 +29,7 @@ var crtsh_data []crtsh_object
// all subdomains found
var subdomains []string
//
// Query : Queries awesome crt.sh service by comodo
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

7
libsubfinder/sources/dnsdumpster/dnsdumpster.go
View File

@ -1,11 +1,11 @@
//
// dnsdumpster.go : A Parser for subdomains from DNSDumpster
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A Parser for subdomains from DNSDumpster
package dnsdumpster
import (
@ -24,10 +24,7 @@ import (
var subdomains []string
var gCookies []*http.Cookie
//
// Query : Queries awesome DNSDumpster service for subdomains
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
// CookieJar to hold csrf cookie
var curCookieJar *cookiejar.Jar

7
libsubfinder/sources/findsubdomains/findsubdomains.go
View File

@ -1,11 +1,11 @@
//
// findsubdomains.go : Golang driver from findsubdomains.com
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// Golang driver from findsubdomains.com
package findsubdomains
import (
@ -20,10 +20,7 @@ import (
// all subdomains found
var subdomains []string
//
// Query : Queries awesome Findsubdomains.com service for subdomains
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

7
libsubfinder/sources/hackertarget/hackertarget.go
View File

@ -1,11 +1,11 @@
//
// hackertaget.go : A golang based Hackertarget subdomains search client
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A golang based Hackertarget subdomains search client
package hackertarget
import (
@ -20,10 +20,7 @@ import (
// all subdomains found
var subdomains []string
//
// Query : Queries awesome Hackertarget subdomain search service
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

18
libsubfinder/sources/netcraft/netcraft.go
View File

@ -1,11 +1,11 @@
//
// netcraft.go : Netcraft Scraping Engine in Golang
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// Netcraft Scraping Engine in Golang
package netcraft
import (
@ -24,15 +24,11 @@ import (
// Contains all subdomains found
var globalSubdomains []string
// Global Holder for Netcraft cookies
var gCookies []*http.Cookie
//
// Local function to recursively enumerate subdomains until no subdomains
// are left :-)
//
// @param baseUrl : Base URL is the URL with which to begin enumerating
// In recursion, it will be used to pass next Subdomains Link
//
// are left
func enumerate(state *helper.State, baseUrl string) (err error) {
// Make a http request to Netcraft
@ -104,13 +100,7 @@ func enumerate(state *helper.State, baseUrl string) (err error) {
return nil
}
//
// Query : Queries awesome Netcraft service for subdomains
// @param state : current application state, holds all information found
//
// @return subdomain : String array containing subdomains found
// @return err : nil if successfull and error if failed
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

7
libsubfinder/sources/passivetotal/passivetotal.go
View File

@ -1,11 +1,11 @@
//
// passivetotal.go : A golang client for Passive total Subdomain Discovery
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A golang client for Passive total Subdomain Discovery
package passivetotal
import (
@ -27,10 +27,7 @@ var passivetotal_data passivetotal_object
// all subdomains found
var subdomains []string
//
// Query : Queries awesome Passivetotal Service for Subdomains
// @param state : Current application state
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

7
libsubfinder/sources/ptrarchive/ptrarchive.go
View File

@ -1,11 +1,11 @@
//
// ptrarchive.go : A PTRArchive subdomain parser in golang
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A PTRArchive subdomain parser in golang
package ptrarchive
import (
@ -19,10 +19,7 @@ import (
// all subdomains found
var subdomains []string
//
// Query : Queries awesome CertDB service for subdomains
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

8
libsubfinder/sources/securitytrails/securitytrails.go
View File

@ -1,12 +1,11 @@
//
// securitytrails.go : A golang SecurityTrails API client for subdomain
// discovery.
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A golang SecurityTrails API client for subdomain discovery.
package securitytrails
import (
@ -27,10 +26,7 @@ var securitytrails_data securitytrails_object
// all subdomains found
var subdomains []string
//
// Query : Queries awesome SecurityTrails Service for Subdomains
// @param state : Current application state
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

7
libsubfinder/sources/threatcrowd/threatcrowd.go
View File

@ -1,11 +1,11 @@
//
// threatcrowd.go : A Golang based client for Threatcrowd API
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// A Golang based client for Threatcrowd API
package threatcrowd
import (
@ -28,10 +28,7 @@ var threatcrowd_data threatcrowd_object
// all subdomains found
var subdomains []string
//
// Query : Queries awesome ThreatCrowd service for subdomains
// @param state : current application state, holds all information found
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

16
libsubfinder/sources/virustotal/virustotal.go
View File

@ -1,5 +1,4 @@
//
// virustotal.go : A Virustotal Client for Subdomain Enumeration
//
// Written By : @ice3man (Nizamul Rana)
//
// Distributed Under MIT License
@ -10,6 +9,7 @@
// rate limiting performed by Virustotal on scraping.
// Direct queries and parsing can be also done :-)
// A Virustotal Client for Subdomain Enumeration
package virustotal
import (
@ -27,13 +27,9 @@ type virustotalapi_object struct {
var virustotalapi_data virustotalapi_object
//
// Local function to query virustotal API
// Requires an API key
//
// @note : If the user specifies an API key in config.json, we use API
// If not, we try to scrape pages though it is highly discouraged
//
func queryVirustotalApi(state *helper.State) (subdomains []string, err error) {
// Make a search for a domain name and get HTTP Response
@ -85,10 +81,8 @@ func queryVirustotalApi(state *helper.State) (subdomains []string, err error) {
return subdomains, err
}
}*/
//
// Query : Queries awesome Virustotal Service for Subdomains
// @param state : Current application state
//
// Query function returns all subdomains found using the service.
func Query(state *helper.State, ch chan helper.Result) {
var result helper.Result

6
main.go
View File

@ -1,12 +1,11 @@
//
// process.go : Contains main package drivers and stuff
// subfinder : Subdomain discovery tool in golang
// Written By : @codingo
// @ice3man
//
// Distributed Under MIT License
// Copyrights (C) 2018 Ice3man
//
// Contains main driver classes for the tool
package main
import (
@ -68,7 +67,6 @@ func main() {
os.Exit(1)
}
// Improve Usage guide here
if state.Domain == "" {
fmt.Printf("\n\nsubfinder: Missing domain argument\nTry './subfinder -h' for more information\n")
os.Exit(1)