Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/unapibageek/ctfr

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
https://github.com/unapibageek/ctfr

certificate-transparency certificate-transparency-logs hacking information-gathering pentesting

Last synced: about 1 month ago
JSON representation

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Awesome Lists containing this project

README 

        
# CTFR

Do you miss AXFR technique? This tool allows to get the subdomains from a HTTP**S** website in a few seconds.  

How it works? CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.  

For more information about CT logs, check www.certificate-transparency.org and [crt.sh](https://crt.sh/).



## Getting Started

Please, follow the instructions below for installing and run CTFR.



### Pre-requisites

Make sure you have installed the following tools:

```

Python 3.0 or later.

pip3 (sudo apt-get install python3-pip).

```



### Installing

```bash

$ git clone https://github.com/UnaPibaGeek/ctfr.git

$ cd ctfr

$ pip3 install -r requirements.txt

```



### Running

```bash

$ python3 ctfr.py --help

```



## Usage

Parameters and examples of use.



### Parameters

```

-d --domain [target_domain] (required)

-o --output [output_file] (optional)

```



### Examples

```bash

$ python3 ctfr.py -d starbucks.com

```

```bash

$ python3 ctfr.py -d facebook.com -o /home/shei/subdomains_fb.txt

```



### With Docker

I think it's a little bit crazy to use Docker for running such a little python script, but if you want to do it anyway, you can use [this Docker image](https://hub.docker.com/r/unapibageek/ctfr).



The instructions are there.



## Screenshots



  






  




## Author

* *Sheila A. Berta - [(@UnaPibaGeek)](https://www.twitter.com/UnaPibaGeek).*