【转载】通过证书情报发现子域名

证书透明度(Certificate Transparency, CT)日志提供了一个公开的证书记录,可以用来发现域名。

技术原理:通过查询与目标域名相关的SSL/TLS证书,可以找到不同子域名的信息,因为这些证书通常包含了申请证书的域名信息。

示例代码:使用crt.sh && certspotter 的API进行查询。

import requests
import concurrent.futures

def fetch_from_crtsh(domain):
    try:
        url = f"https://crt.sh/?q=%.{domain}&output=json"
        response = requests.get(url)
        if response.status_code == 200:
            return set(cert['name_value'] for cert in response.json() if 'name_value' in cert)
    except Exception as e:
        print(f"Error fetching from crt.sh: {e}")
    return set()

def fetch_from_certspotter(domain):
    try:
        url = f"https://api.certspotter.com/v1/issuances?domain={domain}&expand=dns_names"
        response = requests.get(url)
        if response.status_code == 200:
            return set(name for cert in response.json() for name in cert['dns_names'])
    except Exception as e:
        print(f"Error fetching from CertSpotter: {e}")
    return set()

def main(domain):
    with concurrent.futures.ThreadPoolExecutor() as executor:
        futures = [
            executor.submit(fetch_from_crtsh, domain),
            executor.submit(fetch_from_certspotter, domain)
        ]
        results = set().union(*[future.result() for future in concurrent.futures.as_completed(futures)])
    
    print(f"Found {len(results)} unique subdomains for {domain}:")
    for subdomain in sorted(results):
        print(subdomain)

if __name__ == "__main__":
    domain = "baidu.com"  # 替换为你感兴趣的域名
    main(domain)

转载自:https://blog.csdn.net/shldblj/article/details/136164790

评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值