• Stars
    star
    237
  • Rank 169,885 (Top 4 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created over 5 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A passive subdomain finder

pdlist. A passive subdomain finder

Author: gnc

Copyright: © 2019, gnc.

Date: 2019-07-25

Version: 0.1.0

PURPOSE

pdlist is a passive subdomain finder written in python3. This tool can be used effectively to collect information about a domain without ever sending a single packet to any of its hosts. Given a domain like "example.com" it will find all the hosts which have a hostname <something>.example.com or URLs strictly related to example.com.

In order to collect informations about subdomains the software queries different publicly available websites, which at the moment are:

pdlist is very user-friendly and lightweight since the only dependencies are the following python modules:

  • requests
  • BeautifulSoup4

INSTALLATION

We can install pdlist simply by doing:

git clone https://github.com/gnebbia/pdlist
cd pdlist
pip install -r requirements.txt
python setup.py install

Notice that both pip and python should refer to version 3, so if you are not using pyenv as I am doing you should probably substitute pip with pip3 and python with python3.

USAGE

To have a list of subdomains passively of for example example.com we can do:

pdlist example.com

we can also specify multiple domains, e.g.,;

pdlist example1.com example2.com

We can save the output in a text file by doing:

pdlist example.com -o example-list.txt

Notice that by default pdlist will also output hostnames which may not really be proper subdomains of the specified domains, and this happens because those subdomains are still related to the specified domains.

If we want to only output proper subdomains we can enable the strict mode by doing:

pdlist example.com --strict

A usage example in the gif below:

NOTES

This is a minimalist passive domain finder, the aim of this project is to have few dependencies, small code footprint and easily extensible.

If you want to extend the code it is enough to add a module in the source package with a def parse(domains) method.

TODO

  • Add more passive recon sources
  • Modify the code to work in asynchrounous mode
  • Generate fancy html reports

Copyright © 2019, gnc. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

  3. Neither the name of the author of this software nor the names of contributors to this software may be used to endorse or promote products derived from this software without specific prior written consent.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

More Repositories

1

kb

A minimalist command line knowledge base manager
Python
2,973
star
2

hydra_notes

Some notes about Hydra for bruteforcing
94
star
3

nmap_tutorial

Some collected notes about nmap
HTML
80
star
4

halive

A fast http and https prober, to check which URLs are alive
Python
66
star
5

shellcoder

Create shellcode from executable or assembly code
Perl
12
star
6

gnu_linux_appunti

Appunti in italiano da riordinare su GNU/Linux
HTML
6
star
7

av_evasion

JavaScript
5
star
8

yaasp

Yet Another ARP Spoofing Program
Perl
4
star
9

dump-hub

Self hosted search engine for data leaks and password dumps
Go
3
star
10

ncat_tutorial

Some notes about ncat
2
star
11

clojure_notes

Clojure Notes
Common Lisp
2
star
12

IBM_cybersecurity_notes

Notes for the IBM Cybersecurity Analyst Certification
2
star
13

python_notes

Some notes about how I use Python
Python
2
star
14

js_notes

My notes about modern javascript
HTML
1
star
15

ack_tutorial

A small personal reference to ack with many examples
1
star
16

statistics_notes

Some notes about statistics concepts any computer scientist should absolutely have
HTML
1
star
17

lstm_predictor

A Univariate Time Series Forecasting with Python+Keras
Jupyter Notebook
1
star
18

pandas_tutorial

Tutorial and snippets of code for Python Pandas
1
star
19

japh

Some of my japhs
Perl
1
star
20

perl_data_structures_tutorial

Perl
1
star
21

package_management_for_scripting_languages

A personal tutorial about package management for common scripting languages
1
star
22

bettercap_caplets

A collection of bettercap caplets
JavaScript
1
star
23

bash_scripting_tutorial

A personal tutorial for Bash scripting
HTML
1
star
24

iot_hacking

Python
1
star