From dbba5b2252a513890c3f552ea364242182cd78ab Mon Sep 17 00:00:00 2001
From: mzack
Date: Fri, 4 May 2018 23:31:47 +0200
Subject: [PATCH] Added Bing passive search
---
 libsubfinder/engines/passive/passive.go | 18 ++++-
 libsubfinder/sources/bing/bing.go | 99 +++++++++++++++++++++++++
 2 files changed, 114 insertions(+), 3 deletions(-)
 create mode 100644 libsubfinder/sources/bing/bing.go
diff --git a/libsubfinder/engines/passive/passive.go b/libsubfinder/engines/passive/passive.go
index 530c5ce..a5627ef 100644
--- a/libsubfinder/engines/passive/passive.go
+++ b/libsubfinder/engines/passive/passive.go
@@ -35,6 +35,7 @@ import (
 "github.com/Ice3man543/subfinder/libsubfinder/sources/virustotal"
 "github.com/Ice3man543/subfinder/libsubfinder/sources/waybackarchive"
 "github.com/Ice3man543/subfinder/libsubfinder/sources/baidu"
+ "github.com/Ice3man543/subfinder/libsubfinder/sources/bing"
 )
 // Sources configuration structure specifying what should we use
@@ -58,12 +59,13 @@ type Source struct {
 Riddler bool
 Dnsdb bool
 Baidu bool
+ Bing bool
 NoOfSources int
 }
 func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
- sourceConfig := Source{false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 0}
+ sourceConfig := Source{false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, false, 0}
 fmt.Printf("\n")
 if state.Sources == "all" {
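Review bot: The positional literal `Source{false, …, 0}` in PassiveDiscovery has to be edited in lock-step with the struct every time a field is added, and if two fields are ever reordered a flag silently lands on the wrong source. The all-false form is just the zero value, so `var sourceConfig Source` would do the same job without the count. The all-true literal and the hand-written `19` in the `@@ -87` hunk share the problem; if that number ever disagrees with the goroutines actually started, the receive loop bounded by `sourceConfig.NoOfSources` would presumably wait for a result that never arrives or stop early. Keyed fields, or deriving NoOfSources from the flags that are set, would remove the manual bookkeeping. PassiveDiscovery's body continues outside the hunk.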
@@ -87,10 +89,11 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 fmt.Printf("\n[-] Searching For Subdomains in Riddler")
 fmt.Printf("\n[-] Searching For Subdomains in Netcraft")
 fmt.Printf("\n[-] Searching For Subdomains in Dnsdb")
- fmt.Printf("\n[-] Searching For Subdomains in Baidu\n")
+ fmt.Printf("\n[-] Searching For Subdomains in Baidu")
+ fmt.Printf("\n[-] Searching For Subdomains in Bing\n")
 }
- sourceConfig = Source{true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 18}
+ sourceConfig = Source{true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, true, 19}
 } else {
 // Check data sources and create a source configuration structure
@@ -204,6 +207,12 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 }
 sourceConfig.Baidu = true
 sourceConfig.NoOfSources = sourceConfig.NoOfSources + 1
+ } else if source == "bing" {
+ if state.Silent != true {
+ fmt.Printf("\n[-] Searching For Subdomains in Bing")
+ }
+ sourceConfig.Bing = true
+ sourceConfig.NoOfSources = sourceConfig.NoOfSources + 1
 }
 }
 }
@@ -267,6 +276,9 @@ func PassiveDiscovery(state *helper.State) (finalPassiveSubdomains []string) {
 if sourceConfig.Baidu == true {
 go baidu.Query(state, ch)
 }
+ if sourceConfig.Bing == true {
+ go bing.Query(state, ch)
+ }
 // Recieve data from all goroutines running
 for i := 0; i < sourceConfig.NoOfSources; i++ {
diff --git a/libsubfinder/sources/bing/bing.go b/libsubfinder/sources/bing/bing.go
new file mode 100644
index 0000000..a8a04cb
--- /dev/null
+++ b/libsubfinder/sources/bing/bing.go
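Review bot: The new `bing` branch in the `@@ -204` hunk bumps `sourceConfig.NoOfSources` every time the name is seen, while the `@@ -267` hunk starts at most one `bing.Query` goroutine. If the source list (parsed outside the hunk) can name bing twice, the receive loop `for i := 0; i < sourceConfig.NoOfSources; i++` would expect more results than are ever sent and presumably block; the Baidu branch shown as context follows the same pattern. Guarding the increment keeps the count equal to the number of goroutines: `if !sourceConfig.Bing { sourceConfig.Bing = true; sourceConfig.NoOfSources++ }`. As a style point, `state.Silent != true` and `sourceConfig.Bing == true` read better as `!state.Silent` and `sourceConfig.Bing`.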
@@ -0,0 +1,99 @@
+//
+// Written By : @Mzack9999 (Marco Rivoli)
+//
+// Distributed Under MIT License
+// Copyrights (C) 2018 Ice3man
+//
+
+// A golang client for Bing Subdomain Discovery
+package bing
+
+import (
+ "fmt"
+ "io/ioutil"
+ "regexp"
+ "strconv"
+ "sort"
+ "net/url"
+
+ "github.com/Ice3man543/subfinder/libsubfinder/helper"
+)
+
+// all subdomains found
+var subdomains []string
+
+// Query function returns all subdomains found using the service.
+func Query(state *helper.State, ch chan helper.Result) {
+
+ var result helper.Result
+ result.Subdomains = subdomains
+ min_iterations := 50
+ max_iterations := 760
+ search_query := ""
+ current_page := 0
+ for current_iteration := 0; current_iteration <= max_iterations; current_iteration++ {
+ new_search_query := "domain:" + state.Domain
+ if len(subdomains) > 0 {
+ new_search_query += " -www." + state.Domain
+ }
+ new_search_query = url.QueryEscape(new_search_query)
+ if search_query != new_search_query {
+ current_page = 0
+ search_query = new_search_query
+ }
+
+ resp, err := helper.GetHTTPResponse("https://www.bing.com/search?q=" + search_query + "&go=Submit&first=" + strconv.Itoa(current_page), state.Timeout)
+ if err != nil {
+ result.Error = err
+ ch <- result
+ return
+ }
+
+ // Get the response body
+ body, err := ioutil.ReadAll(resp.Body)
+ if err != nil {
+ result.Error = err
+ ch <- result
+ return
+ }
+
+ // suppress all %xx sequences with a space
+ re_sub := regexp.MustCompile(`%.{2}`)
+ src := re_sub.ReplaceAllLiteralString(string(body), " ")
+
+ re := regexp.MustCompile(`([a-z0-9]+\.)+` + state.Domain)
+ match := re.FindAllString(src, -1)
+
+ new_subdomains_found := 0
+ for _, subdomain := range match {
+ if sort.StringsAreSorted(subdomains) == false {
+ sort.Strings(subdomains)
+ }
+
+ insert_index := sort.SearchStrings(subdomains, subdomain)
+ if insert_index < len(subdomains) && subdomains[insert_index] == subdomain {
+ continue
+ }
+
+ if state.Verbose == true {
+ if state.Color == true {
+ fmt.Printf("\n[%sBing%s] %s", helper.Red, helper.Reset, subdomain)
+ } else {
+ fmt.Printf("\n[Bing] %s", subdomain)
+ }
+ }
+
+ subdomains = append(subdomains, subdomain)
+ new_subdomains_found++
+ }
+ // If no new subdomains are found exits after min_iterations
+ if new_subdomains_found == 0 && current_iteration > min_iterations {
+ break
+ }
+ current_page++
+ }
+
+ result.Subdomains = subdomains
+ result.Error = nil
+ ch <- result
+}
\ No newline at end of file
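Review bot: `state.Domain` is concatenated unescaped into the pattern on the `re := regexp.MustCompile(...)` line, so each `.` in the domain matches any character and hosts outside the requested domain can be reported as subdomains. A domain containing regex metacharacters also makes `MustCompile` panic inside the goroutine; `regexp.QuoteMeta` fixes both, and both patterns can be compiled once before the loop. `resp.Body` is read but never closed, which can pin a connection for each of the up to 761 requests (assuming `helper.GetHTTPResponse`, defined outside this diff, returns an `*http.Response`). The package-level `subdomains` slice outlives the call, so a second `Query` for another domain in the same process would start from and return the previous results; a slice local to the call avoids that. The label class `[a-z0-9]+` also leaves out `-`, so a hyphenated host name would be reported truncated to the part after the hyphen.

```go
	// compiled once, before the request loop
	re_sub := regexp.MustCompile(`%.{2}`)
	// QuoteMeta keeps the dots (and anything else) in the domain literal
	re := regexp.MustCompile(`([a-z0-9]+\.)+` + regexp.QuoteMeta(state.Domain))
	// per-call result set instead of the package-level slice
	var subdomains []string

	for current_iteration := 0; current_iteration <= max_iterations; current_iteration++ {
		// … unchanged: query building and helper.GetHTTPResponse call …
		body, err := ioutil.ReadAll(resp.Body)
		resp.Body.Close() // release the connection before the next request
		// … unchanged: error return, matching, de-duplication, loop exit …
```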