google_enum.py
#!/usr/bin/python
# -*- coding: utf8 -*-
"""
Author: psjs97 (https://github.com/psjs97)
"""
# Libraries
import os
import argparse
from urllib.parse import urlparse
from datetime import datetime
try:
from googlesearch import search
except ImportError:
print("No module named 'google' found")
# Arguments
# Command-line interface. The arguments are parsed at module level, so `args`
# is a global that main() reads; importing this file therefore also parses
# sys.argv.
parser = argparse.ArgumentParser(
    formatter_class=argparse.ArgumentDefaultsHelpFormatter,
    description='Google enum script: subdomain enumeration using Google dorks.',
)
# Target domain (mandatory).
parser.add_argument(
    "-d",
    "--domain",
    required=True,
    type=str,
    help="Domain to get subdomains.",
)
# Optional path of a file that receives the results instead of stdout.
parser.add_argument(
    "-o",
    "--output",
    required=False,
    type=str,
    help="Write subdomains to output file.",
)
args = parser.parse_args()
# Functions
def get_current_datetime():
    """Print the local date and time of this run, followed by a blank line.

    The timestamp is formatted as day/month/year hour:minute:second.
    """
    stamp = datetime.now().strftime("%d/%m/%Y %H:%M:%S")
    print("Script execution datetime: ", stamp)
    print()
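def banner():
    """Print the coloured ASCII-art banner followed by the author line.

    Both prints wrap their text in ANSI colour escape sequences and reset
    the colour afterwards. Returns None.
    """
    # `color` is a cmd.exe built-in; calling it is presumably the usual trick
    # to switch on ANSI escape handling in the Windows console. Elsewhere no
    # such built-in exists, so the shell would print an error or run whatever
    # executable named `color` happens to be on PATH; only call it on Windows.
    if os.name == 'nt':
        os.system('color')
    # Raw string: the backslashes of the art are literal characters, so they
    # raise no invalid-escape warnings and a line ending in a backslash is not
    # swallowed as a line continuation.
    print('\033[92m' + '\033[01m' + r"""
_____ _ ______
/ ____| | | | ____|
| | __ ___ ___ __ _| | ___ | |__ _ __ _ _ _ __ ___
| | |_ |/ _ \ / _ \ / _` | |/ _ \ | __| | '_ \| | | | '_ ` _ \
| |__| | (_) | (_) | (_| | | __/ | |____| | | | |_| | | | | | |
\_____|\___/ \___/ \__, |_|\___| |______|_| |_|\__,_|_| |_| |_|
__/ |
|___/
""" + '\033[0m')
    print('\033[93m' + '\033[01m' +"[ Author: psjs97 ] | https://github.com/psjs97\n" + '\033[0m')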
def get_domain_variations(domain):
    """Return the wildcard patterns used to build the Google `site:` queries.

    Args:
        domain: Base domain, e.g. ``site.com``.

    Returns:
        A list of five patterns: ``site.com.*`` followed by the domain
        prefixed with one to four ``*.`` labels (``*.site.com`` up to
        ``*.*.*.*.site.com``).
    """
    trailing_wildcard = [domain + '.*']
    leading_wildcards = ['*.' * depth + domain for depth in range(1, 5)]
    return trailing_wildcard + leading_wildcards
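def get_subdomains_from_google(domain):
    """Collect the hosts of the Google results for every `site:` pattern of *domain*.

    Each pattern from get_domain_variations() is sent as a ``site:<pattern>``
    query and the network location of every returned URL is kept.

    Args:
        domain: Base domain, e.g. ``site.com``.

    Returns:
        A sorted list of the unique, non-empty network locations found.

    Note:
        The entries are ``urlparse(url).netloc`` values, so they may carry a
        port or userinfo, and nothing here checks that a host actually belongs
        to *domain* (the ``<domain>.*`` pattern is a wildcard query). Validate
        the list against the authorised scope before passing it to other
        tooling.
    """
    # Loop-invariant request setting, hoisted out of the query loop.
    user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0'
    hosts = set()  # a set removes duplicated subdomains as they arrive
    for variation in get_domain_variations(domain):
        google_query = "site:" + variation
        results = search(google_query, tld="co.in", num=10, stop=None, pause=15.0, user_agent=user_agent)
        for url in results:
            host = urlparse(url).netloc
            # A URL without a network location would add an empty entry.
            if host:
                hosts.add(host)
    # Sorted so that two runs can be compared line by line; set order is arbitrary.
    return sorted(hosts)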
def write_output_file(output_file, subdomains_result):
    """Write the results to *output_file*, one entry per line.

    The file is opened in "w" mode, so existing content is replaced. Entries
    are joined with newlines; no newline is written after the last one.

    Args:
        output_file: Path of the file to write.
        subdomains_result: Iterable of entries; each is converted with str().
    """
    content = "\n".join(map(str, subdomains_result))
    with open(output_file, "w") as handle:
        handle.write(content)
def main():
    """Run the enumeration for the domain given on the command line.

    Prints the banner and the start time, queries Google for the domain, then
    writes the hosts to the --output file when one was given and prints them
    one per line otherwise.
    """
    banner()
    get_current_datetime()
    found = get_subdomains_from_google(args.domain)
    if args.output is None:
        # No output file requested: list the results on stdout.
        for host in found:
            print(host)
        return
    write_output_file(args.output, found)
# Run the tool only when the file is executed as a script.
if __name__ == '__main__':
    main()