GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → christophetd → Censys Subdomain Finder

christophetd / Censys Subdomain Finder

⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

osintpentest-toolreconsubdomain-scanner

Projects that are alternatives of or similar to Censys Subdomain Finder

Oneforall
OneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+945.27%)
Mutual labels:  osint, pentest-tool, recon, subdomain-scanner
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+34.58%)
Mutual labels:  osint, pentest-tool, recon
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-33.08%)
Mutual labels:  osint, pentest-tool, recon
Behold3r
👻Behold3r -- 收集指定网站的子域名,并可监控指定网站的子域名更新情况,发送变更报告至指定邮箱
Stars: ✭ 29 (-92.79%)
Mutual labels:  pentest-tool, subdomain-scanner
burp-ntlm-challenge-decoder
Burp extension to decode NTLM SSP headers and extract domain/host information
Stars: ✭ 28 (-93.03%)
Mutual labels:  osint, recon
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-58.46%)
Mutual labels:  osint, recon
PyParser-CVE
Multi source CVE/exploit parser.
Stars: ✭ 25 (-93.78%)
Mutual labels:  osint, pentest-tool
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+743.53%)
Mutual labels:  osint, pentest-tool
querytool
Querytool is an OSINT framework based on Google Spreadsheets. With this tool you can perform complex search of terms, people, email addresses, files and many more.
Stars: ✭ 104 (-74.13%)
Mutual labels:  osint, recon
Pulsar
Network footprint scanner platform. Discover domains and run your custom checks periodically.
Stars: ✭ 314 (-21.89%)
Mutual labels:  osint, recon
Osint team links
Links for the OSINT Team
Stars: ✭ 378 (-5.97%)
Mutual labels:  osint, recon
mailcat
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬
Stars: ✭ 219 (-45.52%)
Mutual labels:  osint, recon
XposedOrNot
XposedOrNot (XoN) tool is to search an aggregated repository of xposed passwords comprising of ~850 million real time passwords. Usage of such compromised passwords is detrimental to individual account security.
Stars: ✭ 120 (-70.15%)
Mutual labels:  osint, recon
nuubi
Nuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (-81.09%)
Mutual labels:  osint, recon
flydns
Related subdomains finder
Stars: ✭ 29 (-92.79%)
Mutual labels:  osint, recon
Subscraper
Subdomain enumeration through various techniques
Stars: ✭ 265 (-34.08%)
Mutual labels:  pentest-tool, subdomain-scanner
Buster
An advanced tool for email reconnaissance
Stars: ✭ 387 (-3.73%)
Mutual labels:  osint, recon
Maryam
Maryam: Open-source Intelligence(OSINT) Framework
Stars: ✭ 371 (-7.71%)
Mutual labels:  osint, recon
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-64.68%)
Mutual labels:  recon, subdomain-scanner
o365chk
Simple Python tool to check if there is an Office 365 instance linked to a domain.
Stars: ✭ 37 (-90.8%)
Mutual labels:  osint, recon
View All Similar Projects ➔

Censys subdomain finder

This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain who has ever been issued a SSL certificate by a public CA.

See it in action:

$ python censys_subdomain_finder.py github.com

[*] Searching Censys for subdomains of github.com
[*] Found 42 unique subdomains of github.com in ~1.7 seconds

  - hq.github.com
  - talks.github.com
  - cla.github.com
  - github.com
  - cloud.github.com
  - enterprise.github.com
  - help.github.com
  - collector-cdn.github.com
  - central.github.com
  - smtp.github.com
  - cas.octodemo.github.com
  - schrauger.github.com
  - jobs.github.com
  - classroom.github.com
  - dodgeball.github.com
  - visualstudio.github.com
  - branch.github.com
  - www.github.com
  - edu.github.com
  - education.github.com
  - import.github.com
  - styleguide.github.com
  - community.github.com
  - server.github.com
  - mac-installer.github.com
  - registry.github.com
  - f.cloud.github.com
  - offer.github.com
  - helpnext.github.com
  - foo.github.com
  - porter.github.com
  - id.github.com
  - atom-installer.github.com
  - review-lab.github.com
  - vpn-ca.iad.github.com
  - maintainers.github.com
  - raw.github.com
  - status.github.com
  - camo.github.com
  - support.enterprise.github.com
  - stg.github.com
  - rs.github.com

Setup

  1. Register an account (free) on https://censys.io/register
  2. Browse to https://censys.io/account, and set two environment variables with your API ID and API secret
$ export CENSYS_API_ID=...
$ export CENSYS_API_SECRET=...
  1. Clone the repository
$ git clone https://github.com/christophetd/censys-subdomain-finder.git
  1. Install the dependencies
$ cd censys-subdomain-finder
$ pip install -r requirements.txt
  1. Run the script on example.com to make sure everything works as expected.
$ python censys_subdomain_finder.py example.com

[*] Searching Censys for subdomains of example.com
[*] Found 5 unique subdomains of example.com

  - products.example.com
  - www.example.com
  - dev.example.com
  - example.com
  - support.example.com

Usage

usage: censys_subdomain_finder.py [-h] [-o OUTPUT_FILE]
                                  [--censys-api-id CENSYS_API_ID]
                                  [--censys-api-secret CENSYS_API_SECRET]
                                  domain

positional arguments:
  domain                The domain to scan

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        A file to output the list of subdomains to (default:
                        None)
  --censys-api-id CENSYS_API_ID
                        Censys API ID. Can also be defined using the
                        CENSYS_API_ID environment variable (default: None)
  --censys-api-secret CENSYS_API_SECRET
                        Censys API secret. Can also be defined using the
                        CENSYS_API_SECRET environment variable (default: None)

Compatibility

Should run on Python 2.7 and 3.5.

Notes

The Censys API has a limit rate of 120 queries per 5 minutes window. Each invocation of this tool makes exactly one API call to Censys.

Feel free to open an issue or to tweet @christophetd for suggestions or remarks.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].