aquatone 0.4.1 → 0.5.0

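--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: baf48eeafa767353c69d4a516f55acf3a8564fe1
- data.tar.gz: b5abde13dde9cf2cda34c4dca4f8d69184b0b56d
+ metadata.gz: c14050e82d9cc20270db7e87a40e6bcc0a1e3e50
+ data.tar.gz: 9a3c750f6c31b0fa4d04484fa945b88a9b1a42fa
  SHA512:
- metadata.gz: d174b9c82b96992bdc75a8f4ffb9e9d74c93a901ec58478487a28c597d769382a1e7b68cc5bd79a7d0bcc0e54175c74be6e61539f56d06e3d848ef002d52d270
- data.tar.gz: 062654c4512f11b8abf86b621b47dd6183ffa096eb2bb54b06cfe3fe4c3985a74d0aff9314f64583cc0f83f3314c24cf52ccdc2ac02bb459030ce4f1949b7aaf
+ metadata.gz: 3450460b07ac57523d99708dbce207a2ce408996099253a30985a2c401ba961e1ed46ccdf217a78740f44f95771dfcbf5a0363a04dc1080bcbf4177b9243e60d
+ data.tar.gz: bce8b495f0e4f190ee123e89ddbe70addf9e0ebc73bf48330a604493cb6b0a70b9dcfeb797dc181edd1ab11d1ebdbcf628e299d87d24c43e2c706ffad19a4b77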
@@ -9,6 +9,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
9
9
 
10
10
  ### Changed
11
11
 
12
+ ## [0.5.0]
13
+
14
+ ### Added
15
+ - New Collector: Wayback Machine (archive.org) (Thanks, [@jolle](https://github.com/jolle)!)
16
+ - New Collector: ptrarchive.com
17
+ - New Collector: publicwww.com
18
+
19
+ ### Changed
20
+
21
+ ### Fixed
22
+ - Detect false positive situation in fastly.com Takeover module (Thanks, [@ramimac](https://github.com/ramimac)!)
23
+
12
24
  ## [0.4.1]
13
25
 
14
26
  ### Added
@@ -68,9 +80,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
68
80
 
69
81
  ### Changed
70
82
 
71
- [Unreleased]: https://github.com/michenriksen/aquatone/compare/v0.4.1...HEAD
83
+ [Unreleased]: https://github.com/michenriksen/aquatone/compare/v0.5.0...HEAD
84
+ [0.5.0]: https://github.com/michenriksen/aquatone/compare/v0.4.1...v0.5.0
72
85
  [0.4.1]: https://github.com/michenriksen/aquatone/compare/v0.4.0...v0.4.1
73
86
  [0.4.0]: https://github.com/michenriksen/aquatone/compare/v0.3.0...v0.4.0
74
87
  [0.3.0]: https://github.com/michenriksen/aquatone/compare/v0.2.0...v0.3.0
75
88
  [0.2.0]: https://github.com/michenriksen/aquatone/compare/v0.1.1...v0.2.0
76
89
  [0.1.1]: https://github.com/michenriksen/aquatone/compare/v0.1.0...v0.1.1
90
+
@@ -78,6 +78,10 @@ module Aquatone
78
78
  CGI.escape(string)
79
79
  end
80
80
 
81
+ def regex_escape(string)
82
+ Regexp.escape(string)
83
+ end
84
+
81
85
  def random_sleep(seconds)
82
86
  random_sleep = ((1 - (rand(30) * 0.01)) * seconds.to_i)
83
87
  sleep(random_sleep)
@@ -0,0 +1,21 @@
1
+ module Aquatone
2
+ module Collectors
3
+ class Ptrarchive < Aquatone::Collector
4
+ self.meta = {
5
+ :name => "PTRArchive",
6
+ :author => "Michael Henriksen (@michenriksen)",
7
+ :description => "Uses ptrarchive.com to find subdomains"
8
+ }
9
+
10
+ def run
11
+ response = get_request("http://ptrarchive.com/tools/search.htm?label=#{url_escape(domain.name)}&date=ALL")
12
+ if response.code != 200
13
+ failure("PTRArchive returned unexpected response code: #{response.code}")
14
+ end
15
+ response.body.scan(/[a-z0-9\.\-_]+\.#{regex_escape(domain.name)}/).each do |host|
16
+ add_host(host)
17
+ end
18
+ end
19
+ end
20
+ end
21
+ end
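Review bot: The scan pattern in `run` has no right-hand boundary, so text like `a.<domain>.other.tld`, or a name that merely starts with the target domain, still produces a match that is added as a host of the target; `Publicwww#run` uses the same pattern. The body comes from a third-party site fetched over plain `http://`, so it is worth constraining what is accepted, e.g. `response.body.scan(/[a-z0-9.\-_]+\.#{regex_escape(domain.name)}(?!\.?[a-z0-9\-])/)`. Whether the scan is skipped on a non-200 response depends on `failure` raising, which is not visible in this section; if it only logs, add an explicit `return` after the call.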
@@ -0,0 +1,34 @@
1
+ module Aquatone
2
+ module Collectors
3
+ class Publicwww < Aquatone::Collector
4
+ self.meta = {
5
+ :name => "PublicWWW",
6
+ :author => "Michael Henriksen (@michenriksen)",
7
+ :description => "Uses the publicwww.com source code search engine to find subdomains",
8
+ :cli_options => {
9
+ "publicwww-pages PAGES" => "Number of PublicWWW pages to process (default: 30)"
10
+ }
11
+ }
12
+
13
+ DEFAULT_PAGES_TO_PROCESS = 30.freeze
14
+
15
+ def run
16
+ pages_to_process.times do |page|
17
+ response = get_request("https://publicwww.com/websites/.#{url_escape(domain.name)}/#{page + 1}")
18
+ response.body.gsub("<b>", "").gsub("</b>", "").scan(/[a-z0-9\.\-_]+\.#{regex_escape(domain.name)}/).each do |host|
19
+ add_host(host)
20
+ end
21
+ end
22
+ end
23
+
24
+ private
25
+
26
+ def pages_to_process
27
+ if has_cli_option?("publicwww-pages")
28
+ return get_cli_option("publicwww-pages").to_i
29
+ end
30
+ DEFAULT_PAGES_TO_PROCESS
31
+ end
32
+ end
33
+ end
34
+ end
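Review bot: `run` never checks `response.code`, unlike the Ptrarchive collector added in the same release, so a rate-limit or error page is scanned like a result page and the loop still requests every remaining page. Consider calling `failure("PublicWWW returned unexpected response code: #{response.code}")` on a non-200 response and stopping with `break` once a page yields no hosts. `pages_to_process` passes the `publicwww-pages` value through `to_i`, so a non-numeric value silently becomes 0 and the collector reports nothing; `Integer(get_cli_option("publicwww-pages"))` would surface the mistake instead. `30.freeze` is a no-op on an Integer and can be plain `30`.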
@@ -0,0 +1,41 @@
1
+ require 'uri'
2
+
3
+ module Aquatone
4
+ module Collectors
5
+ class WaybackMachine < Aquatone::Collector
6
+ self.meta = {
7
+ :name => "Wayback Machine",
8
+ :author => "Joel (@jolle)",
9
+ :description => "Uses Wayback Machine by Internet Archive to find unique hostnames",
10
+ :cli_options => {
11
+ "wayback-machine-timeout SECONDS" => "Timeout for Wayback Machine collector in seconds (default: 30)"
12
+ }
13
+ }
14
+
15
+ DEFAULT_TIMEOUT = 30.freeze
16
+
17
+ def run
18
+ response = nil
19
+ Timeout::timeout(timeout) do
20
+ response = get_request("http://web.archive.org/cdx/search/cdx?url=*.#{url_escape(domain.name)}&output=json&fl=original&collapse=urlkey")
21
+ end
22
+ response.parsed_response.each do |page|
23
+ if page[0] != "original"
24
+ begin
25
+ add_host(URI.parse(page[0]).host)
26
+ rescue URI::Error; end
27
+ end
28
+ end
29
+ end
30
+
31
+ private
32
+
33
+ def timeout
34
+ if has_cli_option?("wayback-machine-timeout")
35
+ return get_cli_option("wayback-machine-timeout").to_i
36
+ end
37
+ DEFAULT_TIMEOUT
38
+ end
39
+ end
40
+ end
41
+ end
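Review bot: The value passed to `add_host` in `run` is never checked: `URI.parse(page[0]).host` is `nil` for entries without a scheme, and nothing confirms the parsed host is under `domain.name`, so whatever the archive returns is recorded as a discovered host. A guard such as `host = URI.parse(page[0]).host` followed by `add_host(host) if host && host.downcase.end_with?(".#{domain.name.downcase}")` keeps the result set in scope. The request goes to `http://web.archive.org`, which lets anyone on the network path alter the list; the endpoint is also served over `https://`. The file requires only `uri` and so relies on `timeout` being loaded elsewhere, and a `wayback-machine-timeout` value that `to_i` turns into 0 disables the timeout rather than shortening it. `response.parsed_response.each` assumes a JSON array, so a non-JSON error body would likely raise `NoMethodError` instead of a clear `failure` message.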
@@ -84,6 +84,8 @@ module Aquatone
84
84
  rescue Aquatone::Collector::MissingKeyRequirement => e
85
85
  output(yellow("Skipped\n"))
86
86
  output(yellow(" -> #{e.message}\n"))
87
+ rescue Timeout::Error
88
+ output(red("Timed out\n"))
87
89
  rescue => e
88
90
  output(red("Error\n"))
89
91
  output(red(" -> #{e.message}\n"))
@@ -9,12 +9,15 @@ module Aquatone
9
9
  }
10
10
 
11
11
  CNAME_VALUE = ".fastly.net".freeze
12
+ CNAME_FALSE_POSITIVE = ".map.fastly.net".freeze
12
13
  RESPONSE_FINGERPRINT = "Fastly error: unknown domain".freeze
13
14
 
14
15
  def run
15
16
  return false unless cname_resource?
16
17
  if resource_value.end_with?(CNAME_VALUE)
17
- return get_request("http://#{host}/").body.include?(RESPONSE_FINGERPRINT)
18
+ unless resource_value.end_with?(CNAME_FALSE_POSITIVE)
19
+ return get_request("http://#{host}/").body.include?(RESPONSE_FINGERPRINT)
20
+ end
18
21
  end
19
22
  false
20
23
  end
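Review bot: The new `CNAME_FALSE_POSITIVE` constant and the nested `unless` in `run` carry no explanation of why `.map.fastly.net` targets are excluded, so a later reader cannot tell that skipping every such CNAME is deliberate. Add a comment above the constant, e.g. `# .map.fastly.net CNAMEs are known false positives for this check; skip them`. The nesting can be flattened to `if resource_value.end_with?(CNAME_VALUE) && !resource_value.end_with?(CNAME_FALSE_POSITIVE)`. Both `end_with?` checks are case-sensitive, so if `resource_value` is not normalised upstream (not visible here) a mixed-case CNAME bypasses the detector; `resource_value.downcase` would remove that dependency. The enclosing class starts outside this hunk.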
@@ -1,3 +1,3 @@
1
1
  module Aquatone
2
- VERSION = "0.4.1".freeze
2
+ VERSION = "0.5.0".freeze
3
3
  end
@@ -3343,6 +3343,7 @@ jedi
3343
3343
  jeff
3344
3344
  jemmy
3345
3345
  jenkins
3346
+ jenkins101
3346
3347
  jenkins-01
3347
3348
  jenkins-02
3348
3349
  jenkins-03
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aquatone
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Henriksen
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-09-22 00:00:00.000000000 Z
11
+ date: 2017-09-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: httparty
@@ -118,10 +118,13 @@ files:
118
118
  - lib/aquatone/collectors/hackertarget.rb
119
119
  - lib/aquatone/collectors/netcraft.rb
120
120
  - lib/aquatone/collectors/passivetotal.rb
121
+ - lib/aquatone/collectors/ptrarchive.rb
122
+ - lib/aquatone/collectors/publicwww.rb
121
123
  - lib/aquatone/collectors/riddler.rb
122
124
  - lib/aquatone/collectors/shodan.rb
123
125
  - lib/aquatone/collectors/threatcrowd.rb
124
126
  - lib/aquatone/collectors/virustotal.rb
127
+ - lib/aquatone/collectors/wayback_machine.rb
125
128
  - lib/aquatone/command.rb
126
129
  - lib/aquatone/commands/discover.rb
127
130
  - lib/aquatone/commands/gather.rb