CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs - KitPloit - PenTest Tools for your Security Arsenal ☣
2018-03-16 16:54:55 Author: www.kitploit.com(查看原文) 阅读量:78 收藏

Do you miss AXFR technique? This tool allows to get the subdomains from a HTTPS website in a few seconds.
How it works? CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.
For more information about CT logs, check www.certificate-transparency.org.

Getting Started
Please, follow the instructions below for installing and run CTFR.

Pre-requisites
Make sure you have installed the following tools:

Python 3.0 or later.
pip3 (sudo apt-get install python3-pip).

Installing

git clone https://github.com/UnaPibaGeek/ctfr.git
cd ctfr
pip3 install -r requirements.txt

Running

python3 ctfr.py --help

Usage
Parameters and examples of use.

Parameters

-d --domain [target_domain] (required)
-o --output [output_file] (optional)

Examples

python3 ctfr.py -d starbucks.com
python3 ctfr.py -d facebook.com -o /home/shei/subdomains_fb.txt

Screenshot

Author

CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs CTFR - Get subdomains of an HTTPS website abusing Certificate Transparency logs Reviewed by Lydecker Black on 5:03 PM Rating: 5


文章来源: https://www.kitploit.com/2018/03/ctfr-get-subdomains-of-https-website.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
如有侵权请联系:admin#unsafe.sh