-
-
Save 1N3/dec432d14fec84e09733f39669ebca0f to your computer and use it in GitHub Desktop.
#!/bin/bash | |
# | |
# crt.sh sub-domain check by 1N3@CrowdShield | |
# https://crowdshield.com | |
# | |
OKBLUE='\033[94m' | |
OKRED='\033[91m' | |
OKGREEN='\033[92m' | |
OKORANGE='\033[93m' | |
RESET='\e[0m' | |
TARGET="$1" | |
if [ -z $TARGET ]; then | |
echo -e "$OKRED _ _ $RESET" | |
echo -e "$OKRED ___ _ __| |_ ___| |__ $RESET" | |
echo -e "$OKRED / __| '__| __| / __| '_ \ $RESET" | |
echo -e "$OKRED | (__| | | |_ _\__ \ | | |$RESET" | |
echo -e "$OKRED \___|_| \__(_)___/_| |_|$RESET" | |
echo "" | |
echo -e "$OKRED [+] by 1N3@CrowdShield$RESET" | |
echo -e "$OKRED [+] https://crowdshield.com$RESET" | |
echo -e "$OKRED [-] Usage: crt.sh <target>$RESET" | |
exit | |
fi | |
if [[ $TARGET = "--help" ]]; then | |
echo -e "$OKRED _ _ $RESET" | |
echo -e "$OKRED ___ _ __| |_ ___| |__ $RESET" | |
echo -e "$OKRED / __| '__| __| / __| '_ \ $RESET" | |
echo -e "$OKRED | (__| | | |_ _\__ \ | | |$RESET" | |
echo -e "$OKRED \___|_| \__(_)___/_| |_|$RESET" | |
echo "" | |
echo -e "$OKRED [+] by 1N3@CrowdShield$RESET" | |
echo -e "$OKRED [+] https://crowdshield.com$RESET" | |
echo -e "$OKRED [-] Usage: crt.sh <target>$RESET" | |
exit | |
fi | |
echo -e "$OKRED _ _ $RESET" | |
echo -e "$OKRED ___ _ __| |_ ___| |__ $RESET" | |
echo -e "$OKRED / __| '__| __| / __| '_ \ $RESET" | |
echo -e "$OKRED | (__| | | |_ _\__ \ | | |$RESET" | |
echo -e "$OKRED \___|_| \__(_)___/_| |_|$RESET" | |
echo "" | |
echo -e "$OKRED [+] by 1N3@CrowdShield$RESET" | |
echo -e "$OKRED [+] https://crowdshield.com$RESET" | |
echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET" | |
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out | |
cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $TARGET-crt.txt | |
cat $TARGET-crt.txt | |
echo -e "$OKRED [+] Domains saved to: $TARGET-crt.txt" | |
echo -e "$OKRED + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET" |
Simpler would be to use pup:
$ curl -fsSL "https://crt.sh/?CN=%25.linux.com&exclude=expired" | pup 'td :contains(".linux.com") text{}' | sort -n | uniq -c | sort -rn | column -t 4 w.linux.com 4 video.linux.com 4 store.linux.com 4 smtp.linux.com 4 shop.linux.com 4 jp.linux.com 3 archive15.linux.com 2 aws-le-test.linux.com
How can one write the output into a file.
Simpler would be to use pup:
$ curl -fsSL "https://crt.sh/?CN=%25.linux.com&exclude=expired" | pup 'td :contains(".linux.com") text{}' | sort -n | uniq -c | sort -rn | column -t 4 w.linux.com 4 video.linux.com 4 store.linux.com 4 smtp.linux.com 4 shop.linux.com 4 jp.linux.com 3 archive15.linux.com 2 aws-le-test.linux.com
How can one write the output into a file.
curl -fsSL "https://crt.sh/?q=%25.domain-name.com&exclude=expired" | pup 'td :contains(".domain-name.com") text{}' | sort -n | uniq -c | sort -rn | column -t | cut -c 5- > domains.txt
What about third level subdomains?How can I get more level subdomains?
curl -fsSL "https://crt.sh/?q=%25.howtohack.tech&exclude=expired" | pup 'td :contains(".howtohack.tech") text{}' | sort -n | uniq -c | sort -rn | column -t | awk '{ print $2 }'
echo "Enter the domain name"
read TARGET
curl -fsSL "https://crt.sh/?q=%25.$TARGET&exclude=expired" | pup "td :contains(".$TARGET")" text{} | sort -n | uniq -c | sort -rn | column -t > $TARGET-crt.txt
this bash script will get you the subdomains result from the crt.sh website
Simpler would be to use pup: