Subdomain-Finder/mark.py at main · fdzdev/Subdomain-Finder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import subprocess
import os

# Set the path to your domain list file
DOMAIN_LIST_FILE = "domains.txt"

# Set the output file name
OUTPUT_FILE = "all_domains.txt"

# Set the timeout for each command (in seconds)
COMMAND_TIMEOUT = 60


def run_command(command):
    try:
        result = subprocess.run(
            command,
            shell=True,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            text=True,
            timeout=COMMAND_TIMEOUT,
        )
        if result.returncode != 0:
            print(f"Command failed: {command}\nError: {result.stderr}")
        return result.stdout.splitlines()
    except subprocess.TimeoutExpired:
        print(f"Command timed out: {command}")
        return []


# Use both assetfinder + subfinder
# Imp
def enumerate_subdomains(root_domain):
    assetfinder_command = f"assetfinder {root_domain}"
    subfinder_command = f"subfinder -d {root_domain}"

    subdomains = set()
    subdomains.update(run_command(assetfinder_command))
    subdomains.update(run_command(subfinder_command))

    return subdomains


def main():
    if not os.path.exists(DOMAIN_LIST_FILE):
        print(f"Domain list file not found: {DOMAIN_LIST_FILE}")
        return

    with open(DOMAIN_LIST_FILE, "r") as file:
        domains = [line.strip() for line in file]

    total_domains = len(domains)
    wildcard_domains = [domain for domain in domains if domain.startswith("*.")]
    num_wildcard_domains = len(wildcard_domains)

    print(f"Total number of domains: {total_domains}")
    print(f"Number of domains starting with '*.': {num_wildcard_domains}")

    all_domains = set()
    counter = 1

    for domain in domains:
        if domain.startswith("*."):
            root_domain = domain[2:]
            print(f"{counter}. Enumerating subdomains for: {root_domain}")
            subdomains = enumerate_subdomains(root_domain)
            all_domains.update(subdomains)
            counter += 1
        else:
            all_domains.add(domain)

    # Remove duplicates and add 'http://' to each domain
    unique_domains = {f"http://{domain}" for domain in all_domains if domain}

    # Filter out any domains that start with '*.' good to grab domains from chaos dicovery project
    unique_domains = {
        domain for domain in unique_domains if not domain.startswith("http://*")
    }

    with open(OUTPUT_FILE, "w") as file:
        for domain in sorted(unique_domains):
            file.write(domain + "\n")

    print(f"Subdomain enumeration complete. Results saved to {OUTPUT_FILE}")
    print(f"Total number of unique domains: {len(unique_domains)}")


if __name__ == "__main__":
    try:
        main()
    except KeyboardInterrupt:
        print("\nScript interrupted by user. Exiting...")