gauvainboiche
61 lines
2.0 KiB
Python
61 lines
2.0 KiB
Python
import requests
|
|
import sys
|
|
|
|
def get_subdomains(domain):
|
|
url = f"https://crt.sh/?q=%.{domain}&output=json"
|
|
print(f"[*] Interrogation de crt.sh pour {domain}...")
|
|
|
|
try:
|
|
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'}
|
|
response = requests.get(url, headers=headers, timeout=20)
|
|
|
|
response.raise_for_status()
|
|
|
|
data = response.json()
|
|
|
|
if not data:
|
|
print("[-] Aucun certificat trouvé pour ce domaine.")
|
|
return
|
|
|
|
print(f"[+] {len(data)} certificats trouvés (bruts)")
|
|
|
|
subdomains = set()
|
|
|
|
for entry in data:
|
|
name_value = entry.get('name_value', '')
|
|
|
|
for name in name_value.split('\n'):
|
|
name = name.strip().lower()
|
|
|
|
if not name.startswith('*.') and name.endswith(domain):
|
|
subdomains.add(name)
|
|
|
|
subdomains = sorted(list(subdomains))
|
|
|
|
print("[+] Sous-domaines uniques :")
|
|
for sub in subdomains:
|
|
print(f" {sub}")
|
|
|
|
output_file = f"{domain.replace('.', '_')}_subdomains.txt"
|
|
with open(output_file, 'w', encoding='utf-8') as f:
|
|
for sub in subdomains:
|
|
f.write(f"{sub}\n")
|
|
|
|
print(f"[*] Export → {output_file}")
|
|
|
|
except requests.exceptions.HTTPError as e:
|
|
print(f"[-] Erreur HTTP de la part de crt.sh (probablement une 502 ou 503) :\n {e}")
|
|
except requests.exceptions.Timeout:
|
|
print("[-] Erreur : Délai d'attente dépassé (Timeout). crt.sh est trop lent actuellement.")
|
|
except requests.exceptions.RequestException as e:
|
|
print(f"[-] Erreur réseau critique :\n {e}")
|
|
except ValueError:
|
|
print("[-] Erreur de parsing JSON. crt.sh a probablement renvoyé une page HTML d'erreur.")
|
|
|
|
if __name__ == "__main__":
|
|
if len(sys.argv) != 2:
|
|
print(f"Usage: python {sys.argv[0]} <domaine>")
|
|
sys.exit(1)
|
|
|
|
target_domain = sys.argv[1]
|
|
get_subdomains(target_domain) |