-- Description: gathers subdomains via github
-- Version: 0.2.0
-- Keyring-Access: github
-- Source: domains
-- License: GPL-3.0
-- Author: ysf
-- blatantly stolen from https://github.com/gwen001/github-search/blob/master/github-subdomains.py
-- credits to gwen001
-- Todos:
-- * case-insensitive (IGNORECASE) regexes & handle redirects in http_fetch
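
-- de-duplication caches, the github code search endpoint and a single http
-- session reused for every request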
used_urls = {}
found_subdomains = {}
API_URL = 'https://api.github.com/search/code'
session = http_mksession()
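
-- record a subdomain in the database, skipping values already seen in this run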
function add_to_db(domain_id, subdomain)
    if found_subdomains[subdomain] then return end
    found_subdomains[subdomain] = 1
    db_add('subdomain', {domain_id=domain_id, value=subdomain})
end
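
-- rewrite a github html_url (the /blob/ view) into the matching
-- raw.githubusercontent.com url so the file content can be fetched directly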
function to_raw_url(html_url)
    html_url = str_replace(html_url, 'https://github.com/', 'https://raw.githubusercontent.com/')
    return str_replace(html_url, '/blob/', '/')
end
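
-- fetch a raw file at most once; returns the decoded body, or nil if the url
-- was already fetched, the request failed or the content is not valid utf-8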
function fetch_user_content(raw_url)
    if used_urls[raw_url] then return end
    used_urls[raw_url] = 1

    debug("requesting raw user content "..raw_url)
    local req = http_request(session, 'GET', raw_url, {
        headers={authorization='token '..creds['access_key']},
        binary=true,
    })
    local resp = http_fetch(req)
    if last_err() then return end

    local body = utf8_decode(resp['binary'])
    if last_err() then
        clear_err()
        return nil
    end
    return body
end
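
-- run one github code search query for the given domain, sort order and page;
-- throttles on the x-ratelimit-* response headers and returns the result items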
function github_search(domain, sort, order, page)
    local req = http_request(session, 'GET', API_URL, {
        headers={authorization='token '..creds['access_key']},
        query={
            type='Code',
            q='"'..domain..'"',
            per_page='100',
            s=sort,
            o=order,
            page=strval(page)
        }
    })
    local resp = http_fetch(req)
    if last_err() then return end
    local data = json_decode(resp['text'])
    if last_err() then return end

    local reset_time = resp['headers']['x-ratelimit-reset']
    local remaining = resp['headers']['x-ratelimit-remaining']
    local now = time_unix()
    local reset_seconds = reset_time - now
    ratelimit_throttle('github-search', remaining - 1, reset_seconds*1000)
    info({reset_seconds=reset_seconds, reset_time=reset_time, remaining=remaining})

    return data['items']
end
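
-- entry point, called by sn0int once per domain from the selected source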
function run(domain)
    -- match anything that looks like a subdomain of the target domain (dots escaped for the regex)
    local DOMAIN_REGEX = '(([0-9a-z_\\-\\.]+)\\.' .. str_replace(domain['value'], '.', '\\.') .. ')'

    creds = keyring('github')[1]
    if not creds then
        return 'github api key missing, please login and visit https://github.com/settings/tokens - no permissions required.'
    end

    -- github code search returns at most 1000 results per query (10 pages of 100),
    -- so the same search is repeated with different sort orders to surface more files
    local sort_order = {
        { sort='indexed', order='desc' },
        { sort='indexed', order='asc' },
        { sort='', order='desc' },
    }

    for o = 1, #sort_order do
        local page = 0
        local sort = sort_order[o]['sort']
        local order = sort_order[o]['order']

        while true do
            page = page + 1
            if page > 10 then
                break
            end

            info("requesting page "..page)
            local items = github_search(domain['value'], sort, order, page)
            if last_err() then return end
            if not items or #items == 0 then return end

            for i = 1, #items do
                local raw_url = to_raw_url(items[i]['html_url'])
                local body = fetch_user_content(raw_url)
                if last_err() then
                    warn("skipping "..raw_url.." due to error: "..last_err())
                    clear_err()
                elseif body then
                    local subdomains = regex_find_all(DOMAIN_REGEX, body)
                    for j = 1, #subdomains do
                        add_to_db(domain['id'], subdomains[j][1])
                    end
                    if last_err() then return end
                end
            end
        end
    end
end
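
-- usage sketch, assuming the standard sn0int shell workflow (the module name
-- depends on where it is published); the github token is stored as the keyring
-- access_key, which creds['access_key'] above reads:
--   keyring add github:<personal-access-token>
--   use github-subdomains
--   run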