Censys Subdomain Finder
⚡ Perform subdomain enumeration using the certificate transparency logs from Censys.
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Badssl.com | 2,423 | 7 months ago | 193 | apache-2.0 | HTML | |||||
| :lock: Memorable site for testing clients against bad SSL configs. | ||||||||||
| The One Cert | 803 | 3 years ago | 2 | JavaScript | ||||||
| One cert to rule them all: SSL cert that is valid for any and all domains + all levels of subdomains | ||||||||||
| Sublert | 687 | 2 years ago | 12 | mit | Python | |||||
| Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate. | ||||||||||
| Domain_hunter | 633 | a year ago | 2 | mit | Java | |||||
| A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件 | ||||||||||
| Censys Subdomain Finder | 556 | 3 months ago | 2 | Python | ||||||
| ⚡ Perform subdomain enumeration using the certificate transparency logs from Censys. | ||||||||||
| Ct_subdomains | 313 | 2 years ago | ||||||||
| An hourly updated list of subdomains gathered from certificate transparency logs | ||||||||||
| Getaltname | 306 | 3 years ago | 16 | October 11, 2020 | mit | Python | ||||
| Extract subdomains from SSL certificates in HTTPS sites. | ||||||||||
| Burpcollaborator Docker | 264 | 3 months ago | Python | |||||||
| This repository includes a set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate. The objective is to simplify as much as possible the process of setting up and maintaining the server. | ||||||||||
| Letsencrypt Routeros | 161 | 4 years ago | 8 | gpl-3.0 | Shell | |||||
| Let's Encrypt certificates for RouterOS / Mikrotik | ||||||||||
| Bounty Monitor | 152 | 4 years ago | mit | Python | ||||||
| Leverage certificate transparency live feed to monitor for newly issued subdomain certificates (last 90 days, configurable), for domains participating in bug bounty programs. | ||||||||||
Alternatives To Censys Subdomain FinderSelect To Compare
Alternative Project Comparisons
Readme
Censys subdomain finder
This is a tool to enumerate subdomains using the Certificate Transparency logs stored by Censys. It should return any subdomain who has ever been issued a SSL certificate by a public CA.
See it in action:
$ python censys-subdomain-finder.py github.com
[*] Searching Censys for subdomains of github.com
[*] Found 42 unique subdomains of github.com in ~1.7 seconds
- hq.github.com
- talks.github.com
- cla.github.com
- github.com
- cloud.github.com
- enterprise.github.com
- help.github.com
- collector-cdn.github.com
- central.github.com
- smtp.github.com
- cas.octodemo.github.com
- schrauger.github.com
- jobs.github.com
- classroom.github.com
- dodgeball.github.com
- visualstudio.github.com
- branch.github.com
- www.github.com
- edu.github.com
- education.github.com
- import.github.com
- styleguide.github.com
- community.github.com
- server.github.com
- mac-installer.github.com
- registry.github.com
- f.cloud.github.com
- offer.github.com
- helpnext.github.com
- foo.github.com
- porter.github.com
- id.github.com
- atom-installer.github.com
- review-lab.github.com
- vpn-ca.iad.github.com
- maintainers.github.com
- raw.github.com
- status.github.com
- camo.github.com
- support.enterprise.github.com
- stg.github.com
- rs.github.com
Setup
-
Register an account (free) on https://censys.io/register
-
Browse to https://censys.io/account, and set two environment variables with your API ID and API secret:
export CENSYS_API_ID=... export CENSYS_API_SECRET=...Alternatively, you can use a
.envfile to store these values for persistence across uses:cp .env.template .envThen edit the
.envfile and set the values forCENSYS_API_IDandCENSYS_API_SECRET. -
Clone the repository:
git clone https://github.com/christophetd/censys-subdomain-finder.git -
Install the dependencies in a virtualenv:
cd censys-subdomain-finder python3 -m venv venv source venv/bin/activate pip install -r requirements.txt
Usage
Sample usage:
python censys-subdomain-finder.py example.com
Output the list of subdomains to a text file:
python censys-subdomain-finder.py example.com -o subdomains.txt
usage: censys-subdomain-finder.py [-h] [-o OUTPUT_FILE]
[--censys-api-id CENSYS_API_ID]
[--censys-api-secret CENSYS_API_SECRET]
domain
positional arguments:
domain The domain to scan
optional arguments:
-h, --help show this help message and exit
-o OUTPUT_FILE, --output OUTPUT_FILE
A file to output the list of subdomains to (default:
None)
--censys-api-id CENSYS_API_ID
Censys API ID. Can also be defined using the
CENSYS_API_ID environment variable (default: None)
--censys-api-secret CENSYS_API_SECRET
Censys API secret. Can also be defined using the
CENSYS_API_SECRET environment variable (default: None)
Compatibility
Should run on Python 2.7 and 3.5.
Notes
The Censys API has a limit rate of 120 queries per 5 minutes window. Each invocation of this tool makes exactly one API call to Censys.
Feel free to open an issue or to tweet @christophetd for suggestions or remarks.
Popular Certificate Projects
Popular Subdomain Projects
Popular Security Categories
Related Searches
Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Python
Certificate
Finder
Penetration Testing
Subdomain
Osint
Recon
Pentest Tool
Subdomain Scanner