
DiabloHorn

a guest Jul 20th, 2009 604 Never
  1. # gdns.pl
  2. # Index all subdomains from a domain without using zone transfer or dns resolving.
  3. # Intended use for this script is to enumerate all subdomains for a given domain.
  4. # Author:  DiabloHorn
  5. # Date: 16-02-2008
  6. # Version: 0.3
  7.  
  8. #changes
  9. # fixed the - bug
  10. # fixed the hang bug when it reached the end of the google results
  11. #
  12.  
  13. ###TODO###
  14. # implement rotating proxy support
  15.  
  16. ###POSSIBLE BUGS###
  17. # the need to ctrl+c if results are less than 100
  18.  
  19. use LWP::UserAgent;
  20. use HTML::LinkExtor;
  21. use URI::URL;
  22.  
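  # Command-line handling and one-time setup: exactly one argument, the base
  # domain, is expected.
  $numArgs = scalar @ARGV;

  if ($numArgs != 1) {
      print "gdns.pl <base domain>\n";
      print "Example: gdns.pl kd-team.com\n";
      print "Should find all subdomains indexed by google.\n";
      exit(1);
  }

  # The domain is deliberately not passed through quotemeta here, because the
  # escaped form breaks the search query.  It is interpolated into the query
  # URL below and into the regexes in callback(), so it is checked against
  # the hostname character set instead: letters, digits, '-' and '.', starting
  # and ending with a letter or digit.
  $searchitem = $ARGV[0];
  if ($searchitem !~ /\A[a-zA-Z0-9](?:[a-zA-Z0-9\-\.]*[a-zA-Z0-9])?\z/) {
      print STDERR "[!] '$searchitem' is not a valid domain name\n";
      exit(1);
  }

  #if you change this....change the regexes.
  # NOTE(review): this is plain HTTP, so result pages can be altered in
  # transit; every link parsed out of them has to be treated as untrusted.
  my $baseSEngine = "http://www.google.com";

  # Start URL for the search (site:<domain>, "%3A" is the encoded colon).
  $url = URI->new("$baseSEngine/search?hl=en&q=site%3A$searchitem");
  $ua = LWP::UserAgent->new;
  $ua->agent('Opera/9.20 (Windows NT 6.0; U; en)'); #this should help us a little to fool google.

  print "[*] starting subdomain search on $searchitem\n";

  # Every sub domain found so far, keyed by "scheme://host".
  my %allurls = ();
  # Every "next page" link seen on a result page; the value is the link itself
  # until the main loop replaces it with "visited".
  my %nexturls = ();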
  48.  
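  # Link callback handed to HTML::LinkExtor; called once per tag that carries
  # link attributes.
  #
  #   $tag   lower-case tag name; only <a> tags are looked at
  #   %attr  link attribute name => value pairs of that tag
  #
  # Side effects: records newly seen "scheme://host" strings for the searched
  # domain in %allurls (and prints them), and records result-page "next"
  # links in %nexturls.  Returns nothing.
  #
  # The attribute values come from a fetched page and are untrusted, so:
  #  - the domain is interpolated with \Q...\E, which makes its '.' a literal
  #    dot instead of "any character";
  #  - the sub domain part is matched label by label; the previous nested
  #    quantifier over overlapping character classes could backtrack
  #    exponentially on a long crafted link;
  #  - the host has to end right after the domain (optional trailing dot,
  #    then '/', ':', '?', '#' or end of string), so a host that merely
  #    starts with the domain is not reported;
  #  - a "next" link is only accepted when it starts with /search, because
  #    the main loop appends it to the search engine's base URL and an
  #    unanchored match would let page content change the requested host.
  sub callback {
      my ($tag, %attr) = @_;
      #for this poc we are only interested in the <a href> tags
      return if $tag ne 'a';

      for my $link (values %attr) {
          next unless defined $link;

          # Extract all urls whose host is the base domain or below it.
          if ($link =~ m!\A((?:http://|https://|ftp://|irc://)(?:[a-zA-Z0-9\-]+\.)*\Q$searchitem\E)(?=\.?(?:[/:?#]|\z))!i) {
              my $found = $1;
              if (!exists $allurls{$found}) {
                  $allurls{$found} = $found;
                  print "$found\n";
              }
          }

          # Extract the google "next" urls (site-relative only).
          if ($link =~ m!\A/search\?q=site:\Q$searchitem\E&hl=\w+&start=\d+&sa=\w!i) {
              $nexturls{$link} = $link unless exists $nexturls{$link};
          }
      }

      return;
  }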
  73.  
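  # Set up the link extractor; callback() is invoked for every link-carrying
  # tag the parser sees.
  $p = HTML::LinkExtor->new(\&callback);

  # Request the first result page and parse it as it arrives.
  $res = $ua->request(HTTP::Request->new(GET => $url), sub { $p->parse($_[0]) });
  # Signal end of document so leftover buffered text from this page cannot
  # run into the next one.
  $p->eof;
  # A failed or blocked request used to be silent and looked like "no
  # results"; report it instead.
  warn "[!] request for $url failed: " . $res->status_line . "\n"
      unless $res->is_success;

  $visitedGURLS = 0;
  # Keep fetching until every queued "next" link has been visited.  Parsing a
  # page can queue more links, which the next pass of the outer loop picks up.
  while (1) {
      last if $visitedGURLS == scalar keys(%nexturls);

      foreach my $nurl (sort keys(%nexturls)) {
          my $value = $nexturls{$nurl};
          # Prevent parsing pages twice.
          next if $value eq "visited";

          # $value is a site-relative link taken from a result page.
          my $temp = URI->new($baseSEngine . $value);
          #you can comment this out if you only want clean finds.
          #print "[*] searching next page $temp\n";
          $res = $ua->request(HTTP::Request->new(GET => $temp), sub { $p->parse($_[0]) });
          $p->eof;
          warn "[!] request for $temp failed: " . $res->status_line . "\n"
              unless $res->is_success;

          $nexturls{$nurl} = "visited";
          $visitedGURLS++;
          sleep 3; #try and prevent getting blocked by google
      }
  }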