Adding whois module and subdomain sources. Buggy and Unstable

iampritam97 · Nov 1, 2023 · f34eeca · f34eeca
1 parent 28c66ee
commit f34eeca
Show file tree

Hide file tree

Showing 9 changed files with 101 additions and 31 deletions.
diff --git a/mytest.py b/mytest.py
@@ -1,11 +1,12 @@
 from reconnaissance.subdomainenumeration import enumerate_subdomains
 
-domain = "bing.com"
-subdomains = enumerate_subdomains(domain)
 
-if subdomains:
-    print(f"Subdomains for {domain}:")
-    for subdomain in subdomains:
-        print(subdomain)
-else:
-    print(f"No subdomains found for {domain}.")
+# domain = "bing.com"
+# subdomains = enumerate_subdomains(domain)
+#
+# if subdomains:
+#     print(f"Subdomains for {domain}:")
+#     for subdomain in subdomains:
+#         print(subdomain)
+# else:
+#     print(f"No subdomains found for {domain}.")
diff --git a/reconnaissance/WHOISsource/__init__.py b/reconnaissance/WHOISsource/__init__.py
diff --git a/reconnaissance/WHOISsource/whois_source.py b/reconnaissance/WHOISsource/whois_source.py
@@ -0,0 +1,21 @@
+import socket
+
+
+def perform_whois_lookup(domain_name):
+    whois_server = "whois.iana.org"
+
+    try:
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.connect((whois_server, 43))
+            s.send(f"{domain_name}\r\n".encode())
+
+            response = b""
+            while True:
+                data = s.recv(4096)
+                if not data:
+                    break
+                response += data
+
+            return response.decode("utf-8")
+    except Exception as e:
+        return str(e)
diff --git a/reconnaissance/subdomainenumeration.py b/reconnaissance/subdomainenumeration.py
@@ -1,26 +1,14 @@
-import requests
-import json
+from reconnaissance.subdomainsource.crtsh_source import query_crtsh
+from reconnaissance.subdomainsource.alienvault_source import query_alienvault
+from reconnaissance.subdomainsource.rapiddns_source import query_rapiddns
 
+def enumerate_subdomains(domain, alienvault_api_key=None):
+    crtsh_subdomains = query_crtsh(domain)
+    alienvault_subdomains = set()
+    rapiddns_subdomains = query_rapiddns(domain)
 
-def enumerate_subdomains(domain):
-    try:
-        # Send a request to the CRT.sh API
-        url = f"https://crt.sh/?q=%.{domain}&output=json"
-        response = requests.get(url)
+    if alienvault_api_key:
+        alienvault_subdomains = query_alienvault(domain, alienvault_api_key)
 
-        if response.status_code == 200:
-            # Parse the JSON response
-            data = json.loads(response.text)
-
-            # Extract and format subdomains
-            subdomains = set()
-            for entry in data:
-                subdomains.add(entry['name_value'].strip())
-
-            return subdomains
-        else:
-            print(f"Failed to fetch subdomains for {domain}.")
-            return set()
-    except Exception as e:
-        print(f"An error occurred: {str(e)}")
-        return set()
+    subdomains = crtsh_subdomains.union(alienvault_subdomains).union(rapiddns_subdomains)
+    return subdomains
diff --git a/reconnaissance/subdomainsource/__init__.py b/reconnaissance/subdomainsource/__init__.py
diff --git a/reconnaissance/subdomainsource/alienvault_source.py b/reconnaissance/subdomainsource/alienvault_source.py
@@ -0,0 +1,19 @@
+import requests
+import json
+
+def query_alienvault(domain, api_key):
+    try:
+        url = f"https://otx.alienvault.com:443/api/v1/indicators/domain/{domain}/passive_dns"
+        headers = {"X-OTX-API-KEY": api_key}
+        response = requests.get(url, headers=headers)
+
+        if response.status_code == 200:
+            data = response.json()
+            subdomains = set()
+            for entry in data.get("passive_dns", []):
+                subdomains.add(entry["hostname"])
+            return subdomains
+        else:
+            return set()
+    except Exception as e:
+        return set()
diff --git a/reconnaissance/subdomainsource/crtsh_source.py b/reconnaissance/subdomainsource/crtsh_source.py
@@ -0,0 +1,18 @@
+import requests
+import json
+
+def query_crtsh(domain):
+    try:
+        url = f"https://crt.sh/?q=%.{domain}&output=json"
+        response = requests.get(url)
+
+        if response.status_code == 200:
+            data = json.loads(response.text)
+            subdomains = set()
+            for entry in data:
+                subdomains.add(entry['name_value'].strip())
+            return subdomains
+        else:
+            return set()
+    except Exception as e:
+        return set()
diff --git a/reconnaissance/subdomainsource/rapiddns_source.py b/reconnaissance/subdomainsource/rapiddns_source.py
@@ -0,0 +1,15 @@
+import requests
+import re
+
+def query_rapiddns(domain):
+    try:
+        url = f"https://rapiddns.io/subdomain/{domain}"
+        response = requests.get(url)
+
+        if response.status_code == 200:
+            subdomains = set(re.findall(r'(?<=<a href="/subdomain/)(.*?)(?=">)', response.text))
+            return subdomains
+        else:
+            return set()
+    except Exception as e:
+        return set()
diff --git a/reconnaissance/whoislookup.py b/reconnaissance/whoislookup.py
@@ -0,0 +1,8 @@
+from reconnaissance.WHOISsource.whois_source import perform_whois_lookup
+
+if __name__ == "__main__":
+    domain_name = input("Enter the domain name for WHOIS lookup: ")
+    result = perform_whois_lookup(domain_name)
+
+    print("WHOIS Information:")
+    print(result)