Discover new domains/subdomains with sonar.omnisint.io API

get_crobat_domains.py

# pip3 install requests argparse
# @author: @aetsu

import logging
import requests
import json
import urllib3
import socket
import sys
import argparse

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


class CrobatApi:
	def __init__(self):
		self.server_url = 'https://sonar.omnisint.io'

	def do_get_request(self, api_path, timeout=10):
		parsed_json = {}
		s = requests.Session()
		try:
			response = s.get(
				self.server_url + '/' + api_path, timeout=timeout, verify=False)
			if response.status_code == 200:
				parsed_json = json.loads(response.text)
			elif response.status_code == 400:
				logging.info(
					'(GET) - (' + self.server_url + api_path + ') <response.status_code:' + str(response.status_code) + '>')
			elif response.status_code == 404:
				logging.info(
					'(GET) - (' + self.server_url + api_path + ') <response.status_code:' + str(response.status_code) + '>')
		except:
			logging.error(
				'(GET) - (' + self.server_url + api_path + ')')
			parsed_json = {"error": self.server_url + api_path}
		return parsed_json

	def get_subdomains_from_domain(self, domain):
		'''
		/subdomains/{domain} - All subdomains for a given domain
		'''
		domain_list = self.do_get_request('subdomains/' + domain)
		return domain_list

	def get_subdomains_from_tlds(self, domain):
		'''
		/tlds/{domain} - All tlds found for a given domain
		'''
		domain_list = self.do_get_request('tlds/' + domain)
		return domain_list

	def get_subdomains_from_all_tlds(self, domain):
		'''
		/all/{domain} - All results across all tlds for a given domain
		'''
		d_aux = self.do_get_request('all/' + domain)
		domain_list = []
		for elem in d_aux:
			try:
				domain_list.append(elem['name'])
			except Exception as e:
				logging.error(
					'(get_subdomains_from_all_tlds) - <' + str(e) + '>')
		return domain_list

	def get_subdomains_from_reverse(self, ip):
		'''
		/reverse/{ip} - Reverse DNS lookup on IP address
		'''
		l_aux = self.do_get_request('reverse/' + ip)
		domain_list = []
		if l_aux is not None:
			for elem in l_aux:
				try:
					socket.inet_aton(elem)
				except socket.error:
					domain_list.append(elem)
		return domain_list

	def get_subdomains_from_reverse_mask(self, ip_maks):
		'''
		/reverse/{ip}/{mask} - Reverse DNS lookup of a CIDR range
		'''
		d_aux = self.do_get_request('reverse/' + ip_maks)
		domain_list = []
		for k, v in d_aux.items():
			for elem in v:
				try:
					socket.inet_aton(elem)
				except socket.error:
					domain_list.append(elem)
		return domain_list


if __name__ == '__main__':
	parser = argparse.ArgumentParser()
	parser.add_argument("-sd", help="All subdomains for a given domain")
	parser.add_argument("-tlds", help="All tlds found for a given domain")
	parser.add_argument("-all", help="All results across all tlds for a given domain")
	parser.add_argument("-reverse", help="Reverse DNS lookup on IP address")
	parser.add_argument("-reverse_mask", help="Reverse DNS lookup of a CIDR range")
	args = parser.parse_args()
	
	res = []
	crobat = CrobatApi()
	if args.sd:
		target = args.sd
		res = crobat.get_subdomains_from_domain(target)
	elif args.tlds:
		target = args.tlds
		res = crobat.get_subdomains_from_tlds(target)
	elif args.all:
		target = args.all
		res = crobat.get_subdomains_from_all_tlds(target)
	elif args.reverse:
		target = args.reverse
		res = crobat.get_subdomains_from_reverse(target)
	elif args.reverse_mask:
		target = args.reverse_mask
		res = crobat.get_subdomains_from_reverse_mask(target)
	else:
		parser.print_help()
		sys.exit()

	if res is not None:
		r_text = "Target: " + target + " -> " + str(len(res)) + " elements"
		print(r_text)
		print("-"*len(r_text))
		for elem in res:
			print(elem)