• Stars
    star
    151
  • Rank 246,057 (Top 5 %)
  • Language
    Python
  • Created almost 7 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys

Censys Enumeration

  • A script to extract subdomains/emails for a given domain using SSL/TLS certificates dataset on Censys
  • The output is in JSON format

Demo

script-in-action

Screenshots

Non verbose mode

non-verbose

Verbose mode

verbose

Sample JSON output

non-verbose

3rd party package dependency

censys

click

Setup

  • Clone this repo
$ git clone [email protected]:yamakira/censys-enumeration.git
  • Install dependencies
$ pip install -r requirements.txt
  • Get Censys API ID and Censys API secret by creating a account on https://censys.io

  • Add Censys API ID and Censys API secret as CENSYS_API_ID & CENSYS_API_SECRET respectively to the OS environment variables. On Linux you can use a command similar to following to do this

$ export CENSYS_API_SECRET="iySd1n0l2JLnHTMisbFHzxClFuE0"
  • Check help menu
$ python censys_enumeration.py --help                                                                                                 
Usage: censys_enumeration.py [OPTIONS] FILE

Options:
  --verbose                       Verbose output
  --subdomains / --no-subdomains  Enable/Disable subdomain enumeration
  --emails / --no-emails          Enable/Disable email enumeration
  --help                          Show this message and exit.

Usage

  • Subdomain and email enumeration
$ python censys_enumeration.py domains.txt
  • Only subdomain enumeration
$ python censys_enumeration.py --no-emails domains.txt 
  • Only email enumeration
$ python censys_enumeration.py --no-sudomains domains.txt 
  • Verbose output
$ python censys_enumeration.py --verbose domains.txt 
  • Output to custom file

$ python censys_enumeration.py --verbose --outfile results.json domains.txt

More Repositories

1

art-of-packet-crafting-with-scapy

A workshop on Packet Crafting using Scapy.
Python
150
star
2

domains-from-csp

A script to extract domain names from Content Security Policy(CSP) headers
Python
105
star
3

assets-from-spf

A Python script to parse net blocks & domain names from SPF record
Python
82
star
4

slurp-old

A tool to enumerate S3 buckets manually or via certstream
Go
80
star
5

hardware-hacking-for-software-folks

40
star
6

datasploit

Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.
Python
28
star
7

scapy-scripts

A collection of scapy scripts, mostly security stuff.
Python
17
star
8

python-network-programming

A workshop on network programming using the Python language.
8
star
9

nic.in-subdomain-tracker

A repo to track subdomains of nic.in
7
star
10

Effective-OpenSSH-Client-Usage-Workshop

A workshop on using OpenSSH client suite effectively
HTML
6
star
11

ctlog-utilities

Quick and dirty utilities I scribbled while digging through Certificate Transparency logs using crt.sh
Python
6
star
12

GoI-subdomains-directory

List of subdomains/web apps by Government of India (GoI).
4
star
13

talks

Collection of slides/presentations from various talk that I have given in the past.
3
star
14

understanding-wmi

Repo for "Understanding WMI" talk given at Null, Bangalore March 10th 2018
CSS
2
star
15

dotfiles

A collection of personal dotfiles. i3wm, zsh and Dell XPS 13 9350
2
star
16

dns-for-penetration-testers-nullblr

DNS for penetration testers talk given at Nullblr June 2017.
CSS
2
star
17

yamakira.github.io

personal website/blog - http://disruptivelabs.in
JavaScript
2
star
18

pyliners

A collection of Python onliners
2
star
19

python-for-system-administration

A workshop on using Python language for system administration
Shell
2
star
20

python-foundations

Online notes for this workshop is available at -
Python
1
star
21

protocols-for-penetration-testers

A meta repository to keep track of infomation about series of workshops, titled "Protocols for Penetration Testers"
1
star
22

insecuredns

insecuredns is a damn vulnerable DNS server to demonstrate common vulnerabilities in DNS implementations
1
star