search

blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0
4.19k stars 381 forks source link

How can I get discovered subdomain via python? #1017

Closed cyberduck404 closed 6 months ago

cyberduck404 commented 6 months ago

There are only event.json() in docs, how to get the subdomain list of results?

TheTechromancer commented 6 months ago

Good question! Here's a little script to do it:

from bbot.scanner import Scanner

subdomain_enum_modules = ["anubisdb", "asn", "azure_realm", "azure_tenant", "bevigil", "binaryedge", "builtwith", "c99", "censys", "certspotter", "chaos", "columbus", "crt", "digitorus", "dnscommonsrv", "dnsdumpster", "dnszonetransfer", "fullhunt", "github_codesearch", "github_org", "hackertarget", "httpx", "hunterio", "internetdb", "ipneighbor", "leakix", "massdns", "myssl", "nsec", "oauth", "otx", "passivetotal", "postman", "rapiddns", "riddler", "securitytrails", "shodan_dns", "sitedossier", "sslcert", "subdomain_hijack", "subdomaincenter", "threatminer", "urlscan", "virustotal", "wayback", "zoomeye"]

scan = Scanner("spacex.com", modules=subdomain_enum_modules)

subdomains = set()
for e in scan.start():
    if e.type == "DNS_NAME" and "in-scope" in e.tags and "subdomain" in e.tags:
        if e.data not in subdomains:
            print(e.data)
            subdomains.add(e.data)