Advertisement
Guest User

DiabloHorn

a guest
Jul 20th, 2009
902
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 2.71 KB | None | 0 0
  1. # gdns.pl
  2. # Index all subdomains from a domain without using zone transfer or dns resolving.
  3. # Intended use for this script is to enumerate all subdomains for a given domain.
  4. # Author:  DiabloHorn
  5. # Date: 16-02-2008
  6. # Version: 0.3
  7.  
  8. #changes
  9. # fixed the - bug
  10. # fixed the hang bug when it reached the end of the google results
  11. #
  12.  
  13. ###TODO###
  14. # implement rotating proxy support
  15.  
  16. ###POSSIBLE BUGS###
  17. # the need to ctrl+c if results are less than 100
  18.  
  19. use LWP::UserAgent;
  20. use HTML::LinkExtor;
  21. use URI::URL;
  22.  
  23. $numArgs = $#ARGV + 1;
  24.  
  25. if($numArgs != 1){
  26.     print "gdns.pl <base domain>\n";
  27.     print "Example: gdns.pl kd-team.com\n";
  28.     print "Should find all subdomains indexed by google.";
  29.     exit(1);
  30. }
  31. #intentionally not using quotemeta, cause it fucks up in the search
  32. $searchitem = $ARGV[0];
  33.  
  34. #if you change this....change the regexes.
  35. my $baseSEngine = "http://www.google.com";
  36.  
  37. #start url for searching
  38. $url = URI->new("$baseSEngine/search?hl=en&q=site%3A$searchitem");
  39. $ua = LWP::UserAgent->new;
  40. $ua->agent('Opera/9.20 (Windows NT 6.0; U; en)'); #this should help us a little to fool google.
  41.  
  42. print "[*] starting subdomain search on $searchitem\n";
  43.  
  44. #hash containing all found sub domains
  45. my %allurls = ();
  46. #hash containing all the "next" urls from google
  47. my %nexturls = ();
  48.  
  49. #callback for each request to parse the page
  50. sub callback {
  51.  my($tag, %attr) = @_;
  52.  #for this poc we are only interested in the <a href> tags
  53.  return if $tag ne 'a';
  54.  my @links = values %attr;
  55.  foreach $link(@links){
  56.     #extract all urls that contain the base domain
  57.     if($link =~ m!(^(http://|https://|ftp://|irc://)(([a-zA-Z0-9\-\.]*)(\.+))*$searchitem)!io){
  58.         if (!exists $allurls{$1}){
  59.             $allurls{$1} = $1;
  60.             print "$1\n";
  61.         }
  62.     }
  63.    
  64.     #extract the google next urls
  65.     if($link =~ m!/search\?q=site:$searchitem&hl=\w+&start=\d+&sa=\w!io){
  66.         if (!exists $nexturls{$link}){
  67.             $nexturls{$link} = $link;
  68.         }
  69.     }
  70.  }
  71.  
  72. }
  73.  
  74. #setup the callback
  75. $p = HTML::LinkExtor->new(\&callback);
  76.  
  77. # Request document and parse it as it arrives
  78. $res = $ua->request(HTTP::Request->new(GET => $url),sub {$p->parse($_[0])});
  79.  
  80. $visitedGURLS = 0;
  81. #for the moment beeing assume 10000 results.
  82. while(1){
  83.     if($visitedGURLS == scalar keys(%nexturls)){
  84.         last;
  85.     }
  86.     foreach $nurl(sort keys(%nexturls)){
  87.         my $value = $nexturls{$nurl};
  88.         #prevent parsing pages twice
  89.         if($value ne "visited"){
  90.             my $temp = URI->new($baseSEngine.$value);
  91.             #you can comment this out if you only want clean finds.
  92.             #print "[*] searching next page $temp\n";
  93.             $res = $ua->request(HTTP::Request->new(GET => $temp),sub {$p->parse($_[0])});
  94.             $nexturls{$nurl} = "visited";
  95.             $visitedGURLS++;
  96.             sleep 3; #try and prevent getting blocked by google
  97.         }
  98.     }  
  99. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement