import os
from exp10it import get_root_domain
from exp10it import figlet2file
from exploit import LOG_FOLDER_PATH
from exploit import ModulePath
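def get_sub_domains(target, use_tool="Sublist3r"):
    """Enumerate subdomains of ``target`` with external tools and return them.

    ``target`` must start with a scheme (``http://`` or ``https://``). Only its
    host part is kept, and that host is reduced to its root domain
    (www.baidu.com ---> baidu.com) before it is handed to the tools.

    ``use_tool`` selects the enumeration tool: ``"Sublist3r"``
    (https://github.com/aboul3la/Sublist3r), ``"sub_domains_brute"``
    (https://github.com/lijiejie/sub_domains_brute.git) or ``"all"`` for both.

    Results are cached in ``LOG_FOLDER_PATH/sub/<domain>_sub.txt``. When that
    file already exists no tool is run.

    Returns the text of the cache file, ``""`` when no tool produced output,
    or ``None`` when ``target`` has no scheme or its host is not a plain
    ASCII host name (internationalised names must be given in punycode).
    """
    # Function-scope imports keep this block self-contained.
    import re
    import subprocess

    if target[:4] == "http":
        # Keep only the host, so a trailing slash or a path is not mistaken
        # for the domain.
        domain = target.split("://", 1)[-1].split("/", 1)[0]
    else:
        print("make sure your para in get_sub_domains func has scheme like http or https")
        return

    # The host ends up in file names and on tool command lines, so anything
    # that is not a plain host name (optionally with a port) is refused here.
    plain_host = re.compile(
        r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?(?::[0-9]+)?\Z")
    if not plain_host.match(domain):
        print("refusing to continue: %r is not a plain host name" % domain)
        return

    figlet2file("geting sub domains", 0, True)
    root_domain = get_root_domain(domain)
    # get_root_domain is defined elsewhere; its result is re-checked because
    # it is passed to the tools as a command-line argument.
    if not plain_host.match(str(root_domain)):
        print("refusing to continue: %r is not a plain host name" % root_domain)
        return

    sub_folder = os.path.join(LOG_FOLDER_PATH, "sub")
    if not os.path.exists(sub_folder):
        os.makedirs(sub_folder)
    store_file = LOG_FOLDER_PATH + "/sub/" + domain.replace(".", "_") + "_sub.txt"
    Sublist3r_store_file = "Sublist3r.out.txt"
    sub_domains_brute_store_file = "sub_domains_brute.out.txt"
    # Directories the tools are cloned into. The existence checks below use
    # these same paths, so an existing clone is detected and reused.
    sublist3r_dir = ModulePath + "_sublist3r"
    brute_dir = ModulePath + "sub_domains_brute"

    def Sublist3r(domain):
        # Get subdomains with Sublist3r; the tool is always run against
        # root_domain (a bare domain, without http).
        # NOTE(review): this clones the default branch and installs its
        # unpinned requirements at run time, so whatever is upstream at that
        # moment is executed locally. Consider checking out a reviewed commit
        # (<REVIEWED_COMMIT>) and installing into a virtualenv.
        if not os.path.exists(sublist3r_dir):
            subprocess.call(["git", "clone",
                             "https://github.com/aboul3la/Sublist3r.git",
                             sublist3r_dir])
            if os.path.isdir(sublist3r_dir):
                subprocess.call(["pip", "install", "-r", "requirements.txt"],
                                cwd=sublist3r_dir)
        if not os.path.isdir(sublist3r_dir):
            print("Sublist3r is not available in %s" % sublist3r_dir)
            return
        # Arguments are passed as a list, so no shell parses the domain.
        subprocess.call(["python", "sublist3r.py", "-v", "-d", root_domain,
                         "-o", Sublist3r_store_file], cwd=sublist3r_dir)

    def sub_domains_brute(domain):
        # Get subdomains with sub_domains_brute
        # (https://github.com/lijiejie/sub_domains_brute.git); the tool is
        # always run against root_domain.
        # NOTE(review): same run-time clone/install caveat as for Sublist3r.
        if not os.path.exists(brute_dir):
            subprocess.call(["git", "clone",
                             "https://github.com/lijiejie/sub_domains_brute.git",
                             brute_dir])
            subprocess.call(["pip", "install", "dnspython"])
        if not os.path.isdir(brute_dir):
            print("sub_domains_brute is not available in %s" % brute_dir)
            return
        subprocess.call(["python", "sub_domains_brute.py", "-i", "-o",
                         sub_domains_brute_store_file, root_domain],
                        cwd=brute_dir)

    def _merge_into_store(tool_output):
        # Append the lines of tool_output that store_file does not hold yet,
        # then delete tool_output. A missing tool_output (the tool failed)
        # is skipped, so a failed run does not leave an empty cache file.
        if not os.path.exists(tool_output):
            return
        seen = set()
        if os.path.exists(store_file):
            with open(store_file, "r") as existing:
                seen = set(line.rstrip("\r\n") for line in existing)
        with open(tool_output, "r") as src, open(store_file, "a") as dst:
            for line in src:
                entry = line.rstrip("\r\n")
                if entry and entry not in seen:
                    seen.add(entry)
                    dst.write(entry + "\n")
        os.remove(tool_output)

    if not os.path.exists(store_file):
        if use_tool in ("all", "Sublist3r"):
            Sublist3r(root_domain)
            _merge_into_store(os.path.join(sublist3r_dir, Sublist3r_store_file))
        if use_tool in ("all", "sub_domains_brute"):
            sub_domains_brute(root_domain)
            _merge_into_store(
                os.path.join(brute_dir, sub_domains_brute_store_file))
    else:
        # The file exists, so the sub domains were already collected last time.
        print("you have got the sub domains last time")

    if not os.path.exists(store_file):
        return ""
    with open(store_file, "r") as f:
        string = f.read()
    return string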
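if __name__ == '__main__':
    import sys
    # Command-line entry point: the first argument is the target URL,
    # scheme included. Exit with a usage line instead of an IndexError
    # traceback when it is missing.
    if len(sys.argv) < 2:
        sys.exit("usage: python %s http://example.com" % sys.argv[0])
    get_sub_domains(sys.argv[1])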