FindFrontableDomains.py
#!/usr/bin/python3
#Run setup.sh first!
import dns.resolver
import threading
import queue
import argparse
import sys
import sslscan
import subprocess
from Sublist3r import sublist3r
from datetime import datetime
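class ThreadLookup(threading.Thread):
    """Worker thread that resolves queued hostnames and reports CDN-backed ones.

    Each hostname taken from the shared queue is resolved for A records
    through a fixed list of public resolvers. Every record in the answer
    section is rendered to text and compared against known CDN hostname
    fragments; the first provider that matches is printed to stdout.
    """

    # Resolvers queried instead of the system resolver configuration.
    _NAMESERVERS = (
        '209.244.0.3', '209.244.0.4', '64.6.64.6', '64.6.65.6',
        '8.8.8.8', '8.8.4.4', '84.200.69.80', '84.200.70.40',
        '8.26.56.26', '8.20.247.20', '208.67.222.222', '208.67.220.220',
        '199.85.126.10', '199.85.127.10', '81.218.119.11', '209.88.198.133',
        '195.46.39.39', '195.46.39.40', '96.90.175.167', '193.183.98.154',
        '208.76.50.50', '208.76.51.51', '216.146.35.35', '216.146.36.36',
        '37.235.1.174', '37.235.1.177', '198.101.242.72', '23.253.163.53',
        '77.88.8.8', '77.88.8.1', '91.239.100.100', '89.233.43.71',
        '74.82.42.42', '109.69.8.51',
    )

    _AZURE_MARKERS = ('aspnetcdn.com', 'azureedge.net', 'msecnd.net')

    # (substrings, message prefix) pairs, checked in order; first match wins.
    _PROVIDERS = (
        (('cloudfront',), "CloudFront Frontable domain found: "),
        (('ghs.googlehosted.com',), "Google Frontable domain found: "),
        (('appspot.com',), "Appspot (Old) Frontable domain found: "),
        (_AZURE_MARKERS, "Azure Frontable domain found: "),
        (('a248.e.akamai.net',), "Akamai frontable domain found: "),
        (('secure.footprint.net',), "Level 3 URL frontable domain found: "),
        (('cloudflare',), "Cloudflare frontable domain found: "),
        (('unbouncepages.com',), "Unbounce frontable domain found: "),
        (('x.incapdns.net',), "Incapsula frontable domain found: "),
        (('fastly',), "Fastly URL frontable domain found: "),
    )

    def __init__(self, queue):
        """Store the shared work queue of hostnames to check."""
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        """Process hostnames from the queue until it is empty."""
        while True:
            try:
                # get_nowait() replaces the empty()/get() pair: with several
                # workers, another thread can take the last item between the
                # two calls and leave this one blocked in get() forever.
                hostname = self.queue.get_nowait()
            except queue.Empty:
                break
            try:
                self._check_host(hostname)
            except Exception:
                # Best effort: names that do not resolve (or any other
                # per-host failure) are skipped without stopping the worker.
                pass
            finally:
                self.queue.task_done()

    def _check_host(self, hostname):
        """Resolve *hostname* and report every answer record that matches."""
        # Configure the resolver completely before publishing it, and query
        # through the local reference. Assigning an unconfigured resolver to
        # the shared default first lets another worker query it before the
        # nameservers are set, which fails and silently drops that host.
        resolver = dns.resolver.Resolver(configure=False)
        resolver.nameservers = list(self._NAMESERVERS)
        dns.resolver.default_resolver = resolver
        query = resolver.resolve(hostname, 'a')
        # Walk the whole answer section so CNAME targets are seen as well.
        for rrset in query.response.answer:
            for record in rrset.items:
                self._report(hostname, record.to_text())

    def _report(self, hostname, target):
        """Print the first provider whose marker appears in *target*."""
        for markers, prefix in self._PROVIDERS:
            if not any(marker in target for marker in markers):
                continue
            line = prefix + str(hostname) + " " + str(target)
            # Azure hits are printed in green when the TLS 1.0 scan reports
            # at least one accepted cipher, and in plain text otherwise.
            if markers is self._AZURE_MARKERS and self._accepts_tls10(hostname):
                line = "\033[92m" + line + '\033[0m'
            print(line)
            return

    def _accepts_tls10(self, hostname):
        """Return True when the pysslscan TLS 1.0 scan lists an accepted cipher."""
        try:
            output = self._run_sslscan(str(hostname))
            return self._count_accepted_lines(output) > 0
        except Exception as e:
            # A failed scan is reported and treated as "nothing accepted".
            print(e)
            return False

    @staticmethod
    def _run_sslscan(hostname):
        """Run pysslscan against *hostname* and return its standard output.

        The hostname comes from input files and subdomain enumeration, so it
        is passed as a single argv element and never through a shell: shell
        metacharacters in a name cannot start additional commands.
        """
        if hostname.startswith('-'):
            # A leading dash would be parsed by pysslscan as an option.
            raise ValueError("refusing to scan option-like hostname: " + hostname)
        completed = subprocess.run(
            ['pysslscan', 'scan', '--scan=protocol.http',
             '--scan=server.ciphers', '--tls10', hostname],
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            universal_newlines=True,
            check=False,
        )
        return completed.stdout

    @staticmethod
    def _count_accepted_lines(output):
        """Count the lines of scanner output that contain 'Accepted'."""
        return sum(1 for line in output.splitlines() if 'Accepted' in line)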
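def main():
    """Parse the command line, queue the hostnames to check and run the workers.

    Input is taken from the first option that is set, in this order:
      -f/--file       file with one hostname per line, checked as given
      -r/--recursive  file with one domain per line; each domain is queued,
                      enumerated with Sublist3r, and every subdomain found is
                      logged to ./Subdomains-Found-<timestamp>.txt and queued
      -c/--check      a single hostname, checked as given
      -d/--domain     a single domain, queued together with the subdomains
                      Sublist3r finds for it
    When none is given the program prints a message and exits.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-f', '--file', type=str, required=False)
    parser.add_argument('-t', '--threads', type=int, required=False, default=20)
    parser.add_argument('-d', '--domain', type=str, required=False)
    parser.add_argument('-c', '--check', type=str, required=False)
    parser.add_argument('-r', '--recursive', type=str, required=False)
    args = parser.parse_args()

    threads = args.threads
    if threads < 1:
        # With no worker threads nothing drains the queue and q.join()
        # below would block forever.
        parser.error("--threads must be at least 1")
    check = args.check
    hosts_file = args.file
    domain = args.domain
    recursive = args.recursive

    from colorama import init
    init(strip=not sys.stdout.isatty())  # strip colors if stdout is redirected
    from termcolor import cprint
    from pyfiglet import figlet_format
    cprint(figlet_format('Find'))
    cprint(figlet_format('Frontable'))
    cprint(figlet_format('Domains'))

    q = queue.Queue()
    if hosts_file:
        with open(hosts_file, 'r') as f:
            for d in f:
                d = d.rstrip()
                if d:
                    q.put(d)
    elif recursive:
        with open('./Subdomains-Found-%s.txt'%datetime.now().strftime('%d-%m-%Y_%H:%M'), 'w') as log:
            with open(recursive, 'r') as f:
                for d in f:
                    d = d.rstrip()
                    if d:
                        q.put(d)
                        subdomains = sublist3r.main(d, threads, savefile=None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None)
                        for i in subdomains:
                            log.write(i + '\n')
                            print(i)
                            q.put(i)
    elif check:
        q.put(check)
    elif domain:
        q.put(domain)
        subdomains = sublist3r.main(domain, threads, savefile=None, ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None)
        for i in subdomains:
            print(i)
            q.put(i)
    else:
        print("No Input Detected!")
        sys.exit()

    print("---------------------------------------------------------")
    print("Starting search for frontable domains...")
    # spawn a pool of threads and pass them queue instance
    for i in range(threads):
        t = ThreadLookup(q)
        # Thread.setDaemon() is deprecated; the attribute is the supported form.
        t.daemon = True
        t.start()

    # Block until every queued hostname has been marked done by a worker.
    q.join()
    print("")
    print("Search complete!")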
# Script entry point: run the scan only when executed directly, not on import.
if __name__ == "__main__":
    main()