Windows powershell version

[iL3sor]

Example usage: .\crt_v2.ps1 -Domain unisys.com

[CmdletBinding()]
param(
    [Parameter(ParameterSetName='Domain')]
    [string]$Domain,

    [Parameter(ParameterSetName='Organization')]
    [string]$Organization,

    [Parameter(ParameterSetName='Help')]
    [switch]$Help
)

# Display banner
function Show-Banner {
    Write-Host ""
    Write-Host "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"
    Write-Host "|      ..| search crt.sh v 2.0 |..    |"
    Write-Host "+   site : crt.sh Certificate Search  +"
    Write-Host "|            Twitter: az7rb           |"
    Write-Host "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+"
    Write-Host ""
}

# Function: Help
function Show-Help {
    Write-Host "Options:"
    Write-Host ""
    Write-Host "-Domain <domain>        Search Domain Name       | Example: .\crt_v2.ps1 -Domain hackerone.com"
    Write-Host "-Organization <org>     Search Organization Name | Example: .\crt_v2.ps1 -Organization 'hackerone inc'"
    Write-Host "-Help                   Show this help message"
    Write-Host ""
}

# Function: Clean Results
function Clean-Results {
    param(
        [Parameter(ValueFromPipeline=$true)]
        [string[]]$InputObject
    )

    begin {
        $results = @()
    }

    process {
        foreach ($item in $InputObject) {
            if ($item) {
                # Remove wildcards
                $cleaned = $item -replace '\*\.', ''
                # Filter out email addresses and empty strings
                if ($cleaned -and $cleaned -notmatch '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}') {
                    $results += $cleaned
                }
            }
        }
    }

    end {
        $results | Sort-Object -Unique
    }
}

# Function: Search Domain
function Search-Domain {
    param(
        [Parameter(Mandatory=$true)]
        [string]$DomainName
    )

    Write-Host "Searching for domain: $DomainName" -ForegroundColor Cyan
    Write-Host ""

    # Perform the search request to crt.sh
    try {
        $url = "https://crt.sh?q=%.$DomainName&output=json"
        Write-Host "Querying: $url" -ForegroundColor Gray
        $response = Invoke-RestMethod -Uri $url -Method Get -ErrorAction Stop -TimeoutSec 30
    }
    catch {
        Write-Host "Error: Unable to connect to crt.sh" -ForegroundColor Red
        Write-Host $_.Exception.Message -ForegroundColor Red
        return
    }

    # Check if the response is empty
    if (-not $response -or $response.Count -eq 0) {
        Write-Host "No results found for domain $DomainName" -ForegroundColor Yellow
        return
    }

    Write-Host "Processing $($response.Count) certificates..." -ForegroundColor Gray

    # Process the response and extract common names and name values
    $domains = @()
    foreach ($cert in $response) {
        if ($cert.common_name) {
            $domains += $cert.common_name
        }
        if ($cert.name_value) {
            # Split multi-line name_value entries
            $nameValues = $cert.name_value -split "`n"
            $domains += $nameValues
        }
    }

    # Clean and filter the results
    $results = $domains | Clean-Results

    # Check if there are any valid results after cleaning
    if (-not $results -or $results.Count -eq 0) {
        Write-Host "No valid results found." -ForegroundColor Yellow
        return
    }

    # Display the results and summary
    Write-Host ""
    $results | ForEach-Object { Write-Host $_ }
    Write-Host ""
    Write-Host "[+] " -ForegroundColor Green -NoNewline
    Write-Host "Total found: " -NoNewline
    Write-Host "$($results.Count)" -ForegroundColor Red -NoNewline
    Write-Host " unique domains"
}

# Function: Search Organization
function Search-Organization {
    param(
        [Parameter(Mandatory=$true)]
        [string]$OrgName
    )

    Write-Host "Searching for organization: $OrgName" -ForegroundColor Cyan
    Write-Host ""

    # Perform the search request to crt.sh
    try {
        $url = "https://crt.sh?q=$OrgName&output=json"
        Write-Host "Querying: $url" -ForegroundColor Gray
        $response = Invoke-RestMethod -Uri $url -Method Get -ErrorAction Stop -TimeoutSec 30
    }
    catch {
        Write-Host "Error: Unable to connect to crt.sh" -ForegroundColor Red
        Write-Host $_.Exception.Message -ForegroundColor Red
        return
    }

    # Check if the response is empty
    if (-not $response -or $response.Count -eq 0) {
        Write-Host "No results found for organization $OrgName" -ForegroundColor Yellow
        return
    }

    Write-Host "Processing $($response.Count) certificates..." -ForegroundColor Gray

    # Process the response and extract common names
    $domains = @()
    foreach ($cert in $response) {
        if ($cert.common_name) {
            $domains += $cert.common_name
        }
    }

    # Clean and filter the results
    $results = $domains | Clean-Results

    # Check if there are any valid results after cleaning
    if (-not $results -or $results.Count -eq 0) {
        Write-Host "No valid results found." -ForegroundColor Yellow
        return
    }

    # Display the results and summary
    Write-Host ""
    $results | ForEach-Object { Write-Host $_ }
    Write-Host ""
    Write-Host "[+] " -ForegroundColor Green -NoNewline
    Write-Host "Total found: " -NoNewline
    Write-Host "$($results.Count)" -ForegroundColor Red -NoNewline
    Write-Host " unique domains"
}

# Main Script Logic
Show-Banner

# Check if help is requested or no parameters provided
if ($Help -or (-not $Domain -and -not $Organization)) {
    Show-Help
    exit 0
}

# Execute based on provided parameters
if ($Domain) {
    Search-Domain -DomainName $Domain
}
elseif ($Organization) {
    Search-Organization -OrgName $Organization
}