Тема: Полезные скрипты
Показать сообщение отдельно

  #819  
Старый 22.07.2009, 16:24
[underwater]
Познающий
Регистрация: 29.03.2009
Сообщений: 87
С нами: 9010027

Репутация: 308
По умолчанию
Cегодня понадобился, думаю, может еще кому-нибудь пригодится.

Код:
# gdns.pl 
# Index all subdomains from a domain without using zone transfer or dns resolving.
# Intended use for this script is to enumerate all subdomains for a given domain.
# Author:  DiabloHorn
# Date: 16-02-2008
# Version: 0.3

#changes
# fixed the - bug
# fixed the hang bug when it reached the end of the google results
#

###TODO###
# implement rotating proxy support

###POSSIBLE BUGS###
# the need to ctrl+c if results are less then 100

use LWP::UserAgent;
use HTML::LinkExtor;
use URI::URL;

$numArgs = $#ARGV + 1;

if($numArgs != 1){
	print "gdns.pl <base domain>\n";
	print "Example: gdns.pl kd-team.com\n";
	print "Should find all subdomains indexed by google.";
	exit(1);
}
#intentionally not using quotemeta, cause it fucks up in the search
$searchitem = $ARGV[0];

#if you change this....change the regexes.
my $baseSEngine = "http://www.google.com";

#start url for searching
$url = URI->new("$baseSEngine/search?hl=en&q=site%3A$searchitem");
$ua = LWP::UserAgent->new;
$ua->agent('Opera/9.20 (Windows NT 6.0; U; en)'); #this should help us a little to fool google.

print "[*] starting subdomain search on $searchitem\n";

#hash containing all found sub domains
my %allurls = ();
#hash containing all the "next" urls from google
my %nexturls = ();

#callback for each request to parse the page
sub callback {
 my($tag, %attr) = @_;
 #for this poc we are only interested in the <a href> tags
 return if $tag ne 'a';
 my @links = values %attr;
 foreach $link(@links){
	#extract all urls that contain the base domain
	if($link =~ m!(^(http://|https://|ftp://|irc://)(([a-zA-Z0-9\-\.]*)(\.+))*$searchitem)!io){
		if (!exists $allurls{$1}){
			$allurls{$1} = $1;
			print "$1\n";
		}
	}
	
	#extract the google next urls
	if($link =~ m!/search\?q=site:$searchitem&hl=\w+&start=\d+&sa=\w!io){
		if (!exists $nexturls{$link}){
			$nexturls{$link} = $link;
		}
	}
 }
 
}

#setup the callback
$p = HTML::LinkExtor->new(\&callback);

# Request document and parse it as it arrives
$res = $ua->request(HTTP::Request->new(GET => $url),sub {$p->parse($_[0])});

$visitedGURLS = 0;
#for the moment beeing assume 10000 results.
while(1){
	if($visitedGURLS == scalar keys(%nexturls)){
		last;
	}
	foreach $nurl(sort keys(%nexturls)){
		my $value = $nexturls{$nurl};
		#prevent parsing pages twice
		if($value ne "visited"){
			my $temp = URI->new($baseSEngine.$value);
			#you can comment this out if you only want clean finds.
			#print "[*] searching next page $temp\n";
			$res = $ua->request(HTTP::Request->new(GET => $temp),sub {$p->parse($_[0])});
			$nexturls{$nurl} = "visited";
			$visitedGURLS++;
			sleep 3; #try and prevent getting blocked by google
		}
	}	
}
 
Ответить с цитированием