christophetd / censys-subdomain-finder Goto Github PK

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Python 100.00%

subdomain-scanner subdomains pentest-tool osint recon enumerate-subdomains certificate-transparency-logs pentesting bugbounty subdomain-enumeration

censys-subdomain-finder's Introduction

Censys subdomain finder

This is a tool to enumerate subdomains using the Certificate Transparency logs stored in Censys Search. It should return any subdomain who has ever been issued a SSL certificate by a public CA.

See it in action:

$ python censys-subdomain-finder.py github.com

[*] Searching Censys for subdomains of github.com
[*] Found 42 unique subdomains of github.com in ~1.7 seconds

  - hq.github.com
  - talks.github.com
  - cla.github.com
  - github.com
  - cloud.github.com
  - enterprise.github.com
  - help.github.com
  - collector-cdn.github.com
  - central.github.com
  - smtp.github.com
  - cas.octodemo.github.com
  - schrauger.github.com
  - jobs.github.com
  - classroom.github.com
  - dodgeball.github.com
  - visualstudio.github.com
  - branch.github.com
  - www.github.com
  - edu.github.com
  - education.github.com
  - import.github.com
  - styleguide.github.com
  - community.github.com
  - server.github.com
  - mac-installer.github.com
  - registry.github.com
  - f.cloud.github.com
  - offer.github.com
  - helpnext.github.com
  - foo.github.com
  - porter.github.com
  - id.github.com
  - atom-installer.github.com
  - review-lab.github.com
  - vpn-ca.iad.github.com
  - maintainers.github.com
  - raw.github.com
  - status.github.com
  - camo.github.com
  - support.enterprise.github.com
  - stg.github.com
  - rs.github.com

Setup

Register an account (free) on https://search.censys.io/register
Browse to https://search.censys.io/account, and set two environment variables with your API ID and API secret:
```
export CENSYS_API_ID=...
export CENSYS_API_SECRET=...
```
Alternatively, you can use a .env file to store these values for persistence across uses:
```
cp .env.template .env
```
Then edit the .env file and set the values for CENSYS_API_ID and CENSYS_API_SECRET.

Clone the repository:

git clone https://github.com/christophetd/censys-subdomain-finder.git

Install the dependencies in a virtualenv:

cd censys-subdomain-finder
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Usage

Sample usage:

python censys-subdomain-finder.py example.com

Output the list of subdomains to a text file:

python censys-subdomain-finder.py example.com -o subdomains.txt

usage: censys-subdomain-finder.py [-h] [-o OUTPUT_FILE]
                                  [--censys-api-id CENSYS_API_ID]
                                  [--censys-api-secret CENSYS_API_SECRET]
                                  domain

positional arguments:
  domain                The domain to scan

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        A file to output the list of subdomains to (default:
                        None)
  --censys-api-id CENSYS_API_ID
                        Censys API ID. Can also be defined using the
                        CENSYS_API_ID environment variable (default: None)
  --censys-api-secret CENSYS_API_SECRET
                        Censys API secret. Can also be defined using the
                        CENSYS_API_SECRET environment variable (default: None)

Compatibility

Should run on Python 3.7+.

Notes

The Censys API has a limit rate of 120 queries per 5 minutes window. Each invocation of this tool makes exactly one API call to Censys.

Feel free to open an issue or to tweet @christophetd for suggestions or remarks.

censys-subdomain-finder's People

Contributors

Stargazers

Watchers

Forkers

security-geeks minkione gdraperi c0dak w00t3k szlwzl p3t3rp4rk3r expertasif lei720 opt9 rvrsh3ll jwalker victorgutierrez92 m1m3x01 binaryreaper shellsec samhaxr mgcfish mehrdad-shokri rootinshell melardev mmg1 vishalkrtr zshell rajivraj raystyle d1pakda5 jack51706 bbhunter jimywork eln1x star-bob kabadjo lesiah vince-lynch l0n3rs vinsonzou johndoex1 tutorgeeks modulexcite muneebirfan j5s morristech qing-q kjigs underwood12 affilares lw1988 mybrainisrewired avi8892 shahid1996 an4kein wananjun enumeration-tools elamaran619 michael-lettona sec99 5l1v3r1 gerardomndz espectadora berkotako massito h3xhash 3453-315h titanlambda nyanyi helcaraxeals zforks tirkarthi jayway007 rickjms1337 lmfaolmaobox11123 thehappydinoa explore-c tobey123 danzee1 israelccarvalho michaelcandoo ronoc2020 davidestf tommalvoriddle hartl3y94 metah4ck darx0r aleph-works readloud ktzgraph codefen amrmonier himalaya-pamir ikpehlivan 0xgxthxb dekoder abramas maxprog dutchcyberguy vkvbit ptonewreckin beike2020 go-bi

censys-subdomain-finder's Issues

Setting up API key

How do i setup/define the default api key & secret so the tool uses it automatically and i dont have to put it manually every time

ModuleNotFoundError: No module named 'censys'

May i what am missing?

$ pip install requirements.txt
Collecting requirements.txt
Could not find a version that satisfies the requirement requirements.txt (from versions: )
No matching distribution found for requirements.txt

$ python censys_subdomain_finder.py example.com
Traceback (most recent call last):
File "censys_subdomain_finder.py", line 3, in
import censys.certificates
ModuleNotFoundError: No module named 'censys'

not config apis

[*] Applying non-commerical limits (1000 results at most)
[!] Please set your Censys API ID and secret from your environment (CENSYS_API_ID and CENSYS_API_SECRET) or from the command line.

Cant understand these errors please help!

root@kali: python3 censys_subdomain_finder.py -h
censys_subdomain_finder.py:41: SyntaxWarning: "is" with a literal. Did you mean "=="?
if len(subdomains) is 0:
censys_subdomain_finder.py:53: SyntaxWarning: "is" with a literal. Did you mean "=="?
if output_file is None or len(subdomains) is 0:

root@kali: python censys_subdomain_finder.py -h
Traceback (most recent call last):
File "censys_subdomain_finder.py", line 3, in
import censys.certificates
ImportError: No module named censys.certificates

Note: i tried with python2 and python3 and also install all the reqirements using pip3 install -r requirement.txt

import.censys.certificate

when I am using command
i am facing the issue of [ import censys.certificates ] while using command from both python2 and python3

Invalid command in the installation section

in the command

python3 -m venv

there is a missing dot at the end

Provide a Docker image

Failure when scanning a domain with 10k+ certificates

Reported by @soaj1664ashar. See: https://pbs.twimg.com/media/DTqhtmsX0AAYlkb.jpg

Potential solutions:

Paginate the search (i.e. make several API requests reading less than 10k certificates)
Truncate to 10k search results using the Censys API max_results parameter

Your Censys credentials look invalid.

i have this problem
─$ python3 censys-subdomain-finder.py github.com
[] Applying free plan limits (1000 results at most)
[] Searching Censys for subdomains of github.com
[-] Your Censys credentials look invalid.
i try to rest my api keys and same problem

Error adding censys api id and secret

Upon adding censys-api-id and censys-api-secret

this is the result after i input the censys api id

error : too few arguments.

Please fix this error.