
Commit a0b261c

committed
added subdomain scanner tutorial
1 parent e7fe8ee commit a0b261c


6 files changed

+233
-0
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -17,6 +17,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
1717
-[Making a Port Scanner using sockets in Python](https://www.thepythoncode.com/article/make-port-scanner-python). ([code](ethical-hacking/port_scanner))
1818
-[How to Create a Reverse Shell in Python](https://www.thepythoncode.com/article/create-reverse-shell-python). ([code](ethical-hacking/reverse_shell))
1919
-[How to Encrypt and Decrypt Files in Python](https://www.thepythoncode.com/article/encrypt-decrypt-files-symmetric-python). ([code](ethical-hacking/file-encryption))
20+
-[How to Make a Subdomain Scanner in Python](https://www.thepythoncode.com/article/make-subdomain-scanner-python). ([code](ethical-hacking/subdomain-scanner))
2021

2122
-###[Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
2223
-###[Natural Language Processing](https://www.thepythoncode.com/topic/nlp)
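Review bot: style point on the new list entry: its code link path `ethical-hacking/subdomain-scanner` uses a hyphen, while the neighbouring `port_scanner` and `reverse_shell` entries use underscores (`file-encryption` already uses a hyphen as well), so directory naming in this section is now split two ways; pick one convention for new tutorial directories so the links stay predictable.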
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
#[How to Make a Subdomain Scanner in Python](https://www.thepythoncode.com/article/make-subdomain-scanner-python)
2+
To run this:
3+
-`pip3 install -r requirements.txt`
4+
- To run the fast subdomain scanner:
5+
```
6+
python fast_subdomain_scanner.py --help
7+
```
8+
**Output:**
9+
```
10+
usage: fast_subdomain_scanner.py [-h] [-l WORDLIST] [-t NUM_THREADS] domain
11+
12+
Faster Subdomain Scanner using Threads
13+
14+
positional arguments:
15+
domain Domain to scan for subdomains without protocol (e.g
16+
without 'http://' or 'https://')
17+
18+
optional arguments:
19+
-h, --help show this help message and exit
20+
-l WORDLIST, --wordlist WORDLIST
21+
File that contains all subdomains to scan, line by
22+
line. Default is subdomains.txt
23+
-t NUM_THREADS, --num-threads NUM_THREADS
24+
Number of threads to use to scan the domain. Default
25+
is 10
26+
```
27+
- If you want to scan hackthissite.org for subdomains using only 10 threads with a word list of 100 subdomains (`subdomains.txt`):
28+
```
29+
python fast_subdomain_scanner.py hackthissite.org -l subdomains.txt -t 10
30+
```
31+
After a while, it **outputs:**
32+
```
33+
[+] Discovered subdomain: http://mail.hackthissite.org
34+
[+] Discovered subdomain: http://www.hackthissite.org
35+
[+] Discovered subdomain: http://forum.hackthissite.org
36+
[+] Discovered subdomain: http://admin.hackthissite.org
37+
[+] Discovered subdomain: http://stats.hackthissite.org
38+
[+] Discovered subdomain: http://forums.hackthissite.org
39+
```
40+
- For bigger subdomain wordlists, check [this repository](https://github.com/rbsec/dnscan).
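Review bot: the install step uses `pip3 install -r requirements.txt` but every run command uses `python`; on systems where `python` is still Python 2 the f-strings in the scripts are a syntax error, so use `python3` consistently. The README should also say what "Discovered subdomain" means in the sample output: the script reports a name only when an HTTP request to `http://<subdomain>.<domain>` gets a response, so names that resolve in DNS but serve nothing on port 80 (or only HTTPS) are never listed; stating that avoids a false sense of completeness. Minor: the hackthissite.org example passes `-l subdomains.txt -t 10`, which are exactly the documented defaults, so either drop the flags or pick values that show them doing something.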
Lines changed: 68 additions & 0 deletions
@@ -0,0 +1,68 @@
1+
importrequests
2+
fromthreadingimportThread,active_count
3+
fromqueueimportQueue
4+
importtime
5+
6+
q=Queue()
7+
8+
defscan_subdomains(domain):
9+
globalq
10+
whileTrue:
11+
# get the subdomain from the queue
12+
subdomain=q.get()
13+
# scan the subdomain
14+
url=f"http://{subdomain}.{domain}"
15+
try:
16+
requests.get(url)
17+
exceptrequests.ConnectionError:
18+
pass
19+
else:
20+
print("[+] Discovered subdomain:",url)
21+
22+
# we're done with scanning that subdomain
23+
q.task_done()
24+
25+
26+
defmain(domain,n_threads,subdomains):
27+
globalq
28+
29+
# fill the queue with all the subdomains
30+
forsubdomaininsubdomains:
31+
q.put(subdomain)
32+
33+
fortinrange(n_threads):
34+
# start all threads
35+
worker=Thread(target=scan_subdomains,args=(domain,))
36+
# daemon thread means a thread that will end when the main thread ends
37+
worker.daemon=True
38+
worker.start()
39+
40+
41+
42+
43+
defprint_n_threads():
44+
whileTrue:
45+
print("Number of alive threads:",active_count())
46+
time.sleep(10)
47+
48+
49+
if__name__=="__main__":
50+
importargparse
51+
parser=argparse.ArgumentParser(description="Faster Subdomain Scanner using Threads")
52+
parser.add_argument("domain",help="Domain to scan for subdomains without protocol (e.g without 'http://' or 'https://')")
53+
parser.add_argument("-l","--wordlist",help="File that contains all subdomains to scan, line by line. Default is subdomains.txt",
54+
default="subdomains.txt")
55+
parser.add_argument("-t","--num-threads",help="Number of threads to use to scan the domain. Default is 10",default=10,type=int)
56+
57+
args=parser.parse_args()
58+
domain=args.domain
59+
wordlist=args.wordlist
60+
num_threads=args.num_threads
61+
62+
# t = Thread(target=print_n_threads)
63+
# t.daemon = True
64+
# t.start()
65+
66+
main(domain=domain,n_threads=num_threads,subdomains=open(wordlist).read().splitlines())
67+
q.join()
68+
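Review bot: `requests.get(url)` in `scan_subdomains` has no `timeout`, so a host that accepts the TCP connection but never sends a response blocks that worker thread indefinitely; because every worker runs the same loop, `q.join()` at the bottom can then never return. Pass a bound, e.g. `requests.get(url, timeout=5)`. Related: only `requests.ConnectionError` is caught, so a `requests.Timeout`, `TooManyRedirects`, or an invalid URL built from a blank or odd wordlist line propagates out of the worker, the daemon thread dies silently, `q.task_done()` is never called for that item, and `q.join()` hangs again. Catch `requests.RequestException` instead and move `q.task_done()` into a `finally:` block so the queue's count stays correct no matter how the request ends. Smaller points: `global q` is unnecessary where `q` is only read; `open(wordlist).read()` leaks the file handle, prefer `with open(wordlist) as f:`; and the commented-out `print_n_threads` wiring is dead code that should be removed or exposed behind a flag.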
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
requests
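Review bot: `requests` is listed without any version constraint; pin at least the minimum version the tutorial was tested against so `pip3 install -r requirements.txt` is reproducible for readers following the README.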
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
importrequests
2+
3+
# the domain to scan for subdomains
4+
domain="google.com"
5+
6+
# read all subdomains
7+
file=open("subdomains.txt")
8+
# read all content
9+
content=file.read()
10+
# split by new lines
11+
subdomains=content.splitlines()
12+
13+
forsubdomaininsubdomains:
14+
# construct the url
15+
url=f"http://{subdomain}.{domain}"
16+
try:
17+
# if this raises an ERROR, that means the subdomain does not exist
18+
requests.get(url)
19+
exceptrequests.ConnectionError:
20+
# if the subdomain does not exist, just pass, print nothing
21+
pass
22+
else:
23+
print("[+] Discovered subdomain:",url)
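Review bot: the comment "if this raises an ERROR, that means the subdomain does not exist" is inaccurate: a `requests.ConnectionError` only means no HTTP server answered on port 80 (name resolution failed, connection refused or reset), not that the name is absent from DNS, so the comment should say "no web server responded" and the README wording should match. The same two defects as in the threaded version apply here: `requests.get(url)` has no `timeout`, so one unresponsive host stalls the whole sequential scan, and only `ConnectionError` is caught, so a `Timeout` or malformed URL aborts the run; use `requests.get(url, timeout=5)` and `except requests.RequestException`. Also, `domain = "google.com"` is hard-coded while `fast_subdomain_scanner.py` takes the target from argparse; read it from the command line here too for consistency, and wrap `open("subdomains.txt")` in a `with` block so the file is closed.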
Lines changed: 100 additions & 0 deletions
@@ -0,0 +1,100 @@
1+
www
2+
mail
3+
ftp
4+
localhost
5+
webmail
6+
smtp
7+
pop
8+
ns1
9+
webdisk
10+
ns2
11+
cpanel
12+
whm
13+
autodiscover
14+
autoconfig
15+
m
16+
imap
17+
test
18+
ns
19+
blog
20+
pop3
21+
dev
22+
www2
23+
admin
24+
forum
25+
news
26+
vpn
27+
ns3
28+
mail2
29+
new
30+
mysql
31+
old
32+
lists
33+
support
34+
mobile
35+
mx
36+
static
37+
docs
38+
beta
39+
shop
40+
sql
41+
secure
42+
demo
43+
cp
44+
calendar
45+
wiki
46+
web
47+
media
48+
email
49+
images
50+
img
51+
www1
52+
intranet
53+
portal
54+
video
55+
sip
56+
dns2
57+
api
58+
cdn
59+
stats
60+
dns1
61+
ns4
62+
www3
63+
dns
64+
search
65+
staging
66+
server
67+
mx1
68+
chat
69+
wap
70+
my
71+
svn
72+
mail1
73+
sites
74+
proxy
75+
ads
76+
host
77+
crm
78+
cms
79+
backup
80+
mx2
81+
lyncdiscover
82+
info
83+
apps
84+
download
85+
remote
86+
db
87+
forums
88+
store
89+
relay
90+
files
91+
newsletter
92+
app
93+
live
94+
owa
95+
en
96+
start
97+
sms
98+
office
99+
exchange
100+
ipv4
