Nmap Development mailing list archives

[NSE] hostmap-crtsh.nse lists subdomains using Google's Certificate Transparency logs


From: Paulino Calderon <paulino () calderonpale com>
Date: Sat, 10 Mar 2018 02:38:07 -0500

Hey everyone,

I've included a new NSE script for information gathering in r37185. hostmap-crtsh.nse lists subdomains by querying 
Google's Certificate Transparency logs. This service is API-able according to the maintainers (https://crt.sh/forum) so 
I thought this would be a good addition to Nmap!

description = [[
Finds subdomains of a web server by querying Google's
Certificate Transparency logs database (https://crt.sh).
NSE implementation of ctfr.py (https://github.com/UnaPibaGeek/ctfr.git) by Sheila Berta.
References:
* www.certificate-transparency.org
]]

---
-- @args hostmap.prefix If set, saves the output for each host in a file
-- called "<prefix><target>". The file contains one entry per line.
-- @args newtargets If set, add the new hostnames to the scanning queue.
-- Because the names presumably resolve to the same IP address as the
-- original target, this is only useful for services such as HTTP that
-- can change their behavior based on hostname.
--
-- @usage
-- nmap --script hostmap-crtsh --script-args 'hostmap-crtsh.prefix=hostmap-' <targets>
-- @usage
-- nmap -sn --script hostmap-crtsh <target>
-- @output
-- Host script results:
-- | hostmap-crtsh:
-- |   subdomains:
-- |     svn.nmap.org
-- |     www.nmap.org
-- |_  filename: output_nmap.org
-- @xmloutput
-- <table key="subdomains">
--  <elem>svn.nmap.org</elem>
--  <elem>www.nmap.org</elem>
-- </table>
-- <elem key="filename">output_nmap.org</elem>
---

hostmap-crtsh: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/hostmap-crtsh.nse 


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
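
The post-processing a crt.sh client has to do to turn log entries into a hostname inventory for a domain you manage, as an added Python example that is not taken from hostmap-crtsh.nse or ctfr.py. The response shape (a `name_value` field holding newline-separated names, delivered as a JSON array or as back-to-back objects) is an assumption, and the sample data is constructed.

```python
import json

# Constructed samples in the shape assumed for a crt.sh JSON response.
# The "name_value" field name is an assumption, not taken from this post.
# Some responses are one JSON array, others are back-to-back objects.
SAMPLE_ARRAY = json.dumps([
    {"name_value": "www.example.org\nsvn.example.org"},
    {"name_value": "*.example.org"},
    {"name_value": "WWW.Example.org."},
    {"name_value": "mail.example.org.evil.test"},
    {"name_value": "example.org"},
])
SAMPLE_CONCAT = '{"name_value": "a.example.org"}{"name_value": "b.example.org"}'


def load_records(body):
    """Parse a JSON array, or a stream of back-to-back JSON objects."""
    decoder = json.JSONDecoder()
    body = body.strip()
    records, pos = [], 0
    while pos < len(body):
        value, pos = decoder.raw_decode(body, pos)
        records.extend(value if isinstance(value, list) else [value])
        while pos < len(body) and body[pos].isspace():
            pos += 1
    return records


def subdomains(body, domain):
    """Return the sorted, de-duplicated hostnames strictly under `domain`."""
    domain = domain.lower().rstrip(".")
    found = set()
    for record in load_records(body):
        if not isinstance(record, dict):
            continue
        # One certificate can carry several names, newline-separated.
        for name in str(record.get("name_value", "")).splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # a wildcard only tells us about its parent
            # Suffix match on a label boundary, so look-alike names are dropped.
            if name.endswith("." + domain):
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    for host in subdomains(SAMPLE_ARRAY, "example.org"):
        print(host)
```
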

