Nmap Development mailing list archives
[NSE] hostmap-crtsh.nse lists subdomains using Google's Certificate Transparency logs
From: Paulino Calderon <paulino () calderonpale com>
Date: Sat, 10 Mar 2018 02:38:07 -0500
Hey everyone, I've included a new NSE script for information gathering in r37185. hostmap-crtsh.nse lists subdomains by querying Google's Certificate Transparency logs. This service is API-able according to the maintainers (https://crt.sh/forum) so I thought this will be a good addition to Nmap! description = [[ Finds subdomains of a web server by querying Google's Certificate Transparency logs database (https://crt.sh). NSE implementation of ctfr.py (https://github.com/UnaPibaGeek/ctfr.git) by Sheila Berta. References: * www.certificate-transparency.org ]] --- -- @args hostmap.prefix If set, saves the output for each host in a file -- called "<prefix><target>". The file contains one entry per line. -- @args newtargets If set, add the new hostnames to the scanning queue. -- This the names presumably resolve to the same IP address as the -- original target, this is only useful for services such as HTTP that -- can change their behavior based on hostname. -- -- @usage -- nmap --script hostmap-crtsh --script-args 'hostmap-crtsh.prefix=hostmap-' <targets> -- @usage -- nmap -sn --script hostmap-crtsh <target> -- @output -- Host script results: -- | hostmap-crtsh: -- | subdomains: -- | svn.nmap.org -- | www.nmap.org -- |_ filename: output_nmap.org -- @xmloutput -- <table key="subdomains"> -- <elem>svn.nmap.org</elem> -- <elem>www.nmap.org</elem> -- </table> -- <elem key="filename">output_nmap.org</elem> --- hostmap-crtsh: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/hostmap-crtsh.nse _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] hostmap-crtsh.nse lists subdomains using Google's Certificate Transparency logs Paulino Calderon (Mar 09)
- Re: [NSE] hostmap-crtsh.nse lists subdomains using Google's Certificate Transparency logs Arturo 'Buanzo' Busleiman (Mar 10)