Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/christophetd/censys-subdomain-finder
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
https://github.com/christophetd/censys-subdomain-finder
bugbounty certificate-transparency-logs enumerate-subdomains osint pentest-tool pentesting recon subdomain-enumeration subdomain-scanner subdomains
Last synced: 8 days ago
JSON representation
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
- Host: GitHub
- URL: https://github.com/christophetd/censys-subdomain-finder
- Owner: christophetd
- Created: 2018-01-15T11:29:42.000Z (almost 7 years ago)
- Default Branch: main
- Last Pushed: 2023-06-13T19:25:41.000Z (over 1 year ago)
- Last Synced: 2024-10-16T01:48:38.236Z (about 2 months ago)
- Topics: bugbounty, certificate-transparency-logs, enumerate-subdomains, osint, pentest-tool, pentesting, recon, subdomain-enumeration, subdomain-scanner, subdomains
- Language: Python
- Homepage:
- Size: 26.4 KB
- Stars: 733
- Watchers: 14
- Forks: 127
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-bugbounty-tools - censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys. (Recon / Subdomain Enumeration)
- awesome-ip-search-engines - Censys Subdomain Finder
README
# Censys subdomain finder
This is a tool to enumerate subdomains using the Certificate Transparency logs stored in [Censys Search](https://search.censys.io). It should return any subdomain who has ever been issued a SSL certificate by a public CA.
See it in action:
```shell
$ python censys-subdomain-finder.py github.com[*] Searching Censys for subdomains of github.com
[*] Found 42 unique subdomains of github.com in ~1.7 seconds- hq.github.com
- talks.github.com
- cla.github.com
- github.com
- cloud.github.com
- enterprise.github.com
- help.github.com
- collector-cdn.github.com
- central.github.com
- smtp.github.com
- cas.octodemo.github.com
- schrauger.github.com
- jobs.github.com
- classroom.github.com
- dodgeball.github.com
- visualstudio.github.com
- branch.github.com
- www.github.com
- edu.github.com
- education.github.com
- import.github.com
- styleguide.github.com
- community.github.com
- server.github.com
- mac-installer.github.com
- registry.github.com
- f.cloud.github.com
- offer.github.com
- helpnext.github.com
- foo.github.com
- porter.github.com
- id.github.com
- atom-installer.github.com
- review-lab.github.com
- vpn-ca.iad.github.com
- maintainers.github.com
- raw.github.com
- status.github.com
- camo.github.com
- support.enterprise.github.com
- stg.github.com
- rs.github.com```
## Setup
1. Register an account (free) on
2. Browse to , and set two environment variables with your API ID and API secret:```shell
export CENSYS_API_ID=...
export CENSYS_API_SECRET=...
```Alternatively, you can use a `.env` file to store these values for persistence across uses:
```shell
cp .env.template .env
```Then edit the `.env` file and set the values for `CENSYS_API_ID` and `CENSYS_API_SECRET`.
3. Clone the repository:
```shell
git clone https://github.com/christophetd/censys-subdomain-finder.git
```4. Install the dependencies in a virtualenv:
```shell
cd censys-subdomain-finder
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
```## Usage
Sample usage:
```shell
python censys-subdomain-finder.py example.com
```Output the list of subdomains to a text file:
```shell
python censys-subdomain-finder.py example.com -o subdomains.txt
``````shell
usage: censys-subdomain-finder.py [-h] [-o OUTPUT_FILE]
[--censys-api-id CENSYS_API_ID]
[--censys-api-secret CENSYS_API_SECRET]
domainpositional arguments:
domain The domain to scanoptional arguments:
-h, --help show this help message and exit
-o OUTPUT_FILE, --output OUTPUT_FILE
A file to output the list of subdomains to (default:
None)
--censys-api-id CENSYS_API_ID
Censys API ID. Can also be defined using the
CENSYS_API_ID environment variable (default: None)
--censys-api-secret CENSYS_API_SECRET
Censys API secret. Can also be defined using the
CENSYS_API_SECRET environment variable (default: None)
```## Compatibility
Should run on Python 3.7+.
## Notes
The Censys API has a limit rate of 120 queries per 5 minutes window. Each invocation of this tool makes exactly one API call to Censys.
Feel free to [open an issue](https://github.com/christophetd/censys-subdomain-finder/issues/new) or to [tweet @christophetd](https://twitter.com/christophetd/) for suggestions or remarks.