[ { "path": ".github/FUNDING.yml", "content": "# These are supported funding model platforms\n\ngithub: C3n7ral051nt4g3ncy\npatreon: # Replace with a single Patreon username\nopen_collective: # Replace with a single Open Collective username\nko_fi: tacticalintelanalyst\ntidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel\ncommunity_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry\nliberapay: # Replace with a single Liberapay username\nissuehunt: # Replace with a single IssueHunt username\notechie: # Replace with a single Otechie username\nlfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry\ncustom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']\n" }, { "path": "LICENSE", "content": "MIT License\n\nCopyright (c) 2022 OSINT Tactical\nhttps://github.com/C3n7ral051nt4g3ncy/\nhttps://twitter.com/OSINT_Tactical\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "
\n \n \n \"GitHub\"\n \"Kofi\"\n\"BTC\"\n\n
\n
\n \n \"Licence\"\n
\n \n
\n\n
\n
\n\n\n
\n
\n
\n\n\n# WebOSINT šŸŒ\n**WebOSINT** is a Python script to gather (passive) domain intelligence.\n\n
\n\n \n# Requirements šŸ\n- [Python 3](https://www.python.org/downloads/)\n- Don't forget to install `requirements.txt`\n- You will be limited in your search requests with the Hacker Target free API, you can purchase a Hacker Target membership and your API here: (https://hackertarget.com/scan-membership/)\n- For the WhoisXML API; this is an easy process and free, simply create an account and use the `trial 500 free API requests` (Once you have used the 500 requests you will need to make a purchase, and if you don't want a yearly or monthly membership you can make one-time payments, `5000 queries for 100,00$ USD` or `1000 queries for 30,00$ USD` :(https://whois.whoisxmlapi.com)\n\n
\n\n# Running the script with Docker šŸ³\n```\ndocker run -it scorpix06/webosint\n```\n\n\n# Installation āš™ļø\n\n```\ngit clone https://github.com/C3n7ral051nt4g3ncy/webosint\n```\n \n```\ncd webosint\n```\n \n```\npip3 install -r requirements.txt\n```\n \n```\npython3 webosint.py\n```\n
\n\nOnce the script starts, you won't have much typing to do: \n``` \n- Domain format example: google.com\n- To choose between yes and no: Type Y or y for Yes | N or n for No\n- Choose between a free search and search with your API Key: Type -F or f for the free search | Type -API or api for the search with your API keys\n``` \n\n\n
\n\n# API Keys šŸ”‘\nIn the `Config.json` file, just paste your API Keys inside the quotation marks `\"API Key\"` (see photo below)\n- It's **not an obligation** to pay for a **Hacker Target** API key, you can leave it how it is, just choose the free search by typing `-F` each time the tool asks you to choose between the Free search and the search using your API key.\n- It's an **obligation** āœ… to get yourself a **WhoisXML** Api key, this is free (`500 searches free`), just go to the WhoisXML website and get an account to get your API key: (https://whois.whoisxmlapi.com)\n- It's also an **obligation** āœ… to get yourself a **WhoisFreaks** Api key, this is free (`100 searches free`), just go to the WhoisFreaks website and sign up to get your API key: (https://whoisfreaks.com), and by the way, once your 100 free searches are used, you can purchase 5000 API Calls for only 19,00$ USD\n\n\n
\n\n \n\n\n\n
\n
\n \n# Tool Sequence ā›“ļø\n\n### [1]\n``` \nChecking if the domain is registered\n```\n### [2]\n``` \nGet the domain ip address and location data, Version, ASN (Tool updated 16 July 2022, now with double IP verification)\n```\n### [3]\n``` \nReverse ip search to extract all domains with the same ip (HackerTarget free and paid API)\n``` \n### [4]\n``` \nDNS records with HackerTarget free and Paid API \n``` \n### [5]\n``` \nWhois domain information\n```\n### [6]\n``` \nDomain CERT (Certificate) search using CRT.SH\n``` \n\n### [7]\n``` \nDomain reputation scan with WhoisXML free API\n``` \n\n### [8]\n``` \nSubdomain Scanner \n``` \n\n### [9]\n``` \nHistorical Whois Search with WhoisFreaks free API (100 Free API Calls)\n``` \n\n\n
\n\n# Terminal Scrollback Buffer šŸ”£\nBe aware that for the reverse IP search using the Hacker Target API, you are going to get a few hundred results for some websites, make sure that your Terminal Scrollback preferences are set to `unlimited scrollback` so that you can scroll back up to see all results!\n\n

\n

\n\n\n
\n\n# Potential Issues and Errors āŒ\nBefore making this repository public, I gave private access to a few people, some were getting an error right at the beginning of the script and websites that were `Registered` were being shown as `Not Registered`. Found the problem/issue, some people have both `whois` and `python-whois` modules, and they were conflicting with each other. Fixing the issue will be:\n``` \npip3 uninstall whois\n``` \n``` \npip3 uninstall python-whois\n``` \nMake a clean install: \n``` \npip 3 install python-whois\n``` \n\n
\n \nOr simply use `virtualenv` šŸ§ \n\n
\n\n# Disclaimer āš ļø\n\n`This tool is for the OSINT and Cyber community, don't use it for wrong, immoral, or illegal reasons.`\n\n
\n\n# Tool Improvements šŸ”§\nFeel free to contribute and to change some code within the tool, submit a PR (Pull Request), or submit your thoughts here on github in the [Webosint discussions](https://github.com/C3n7ral051nt4g3ncy/webosint/discussions)\n
\n
\n\n# License āš–ļø\n[MIT](https://choosealicense.com/licenses/mit/)\n \n
\n \n# Support šŸ’œ\nIf you like this simple Python tool, feel free to donate to my work by clicking on the **KO-FI** Badge or the **BITCOIN** Badge at the top of this `README.md` file, you can also scan my BTC QR Code directly to get my BTC Address. \n\n
\n\n# Mention šŸ”Š\nThank you to [Hacker Target](https://hackertarget.com) for their API and great work which makes this tool possible, thank you also to [WHOisXML](https://main.whoisxmlapi.com) for their API as they make a free API (500 searches) which provides a great opportunity for the people in the Cyber community, and thanks to [Whois Freaks](https://whoisfreaks.com)for their free 100 search API Trial.\nThanks to [@cipher387](https://github.com/cipher387)/[@cyb_detective](https://twitter.com/cyb_detective) and to [Euler Neto](https://github.com/netoeuler) for testing the script before release and finding 2 minor corrections.\n \n
\n \n

\n\n
\n \n

\n \n
\n \n

\n \n\n\n" }, { "path": "config.json", "content": "{\r\n \"WHOIS_XML_API_KEY\": \"paste WhoisXML api here\" ,\r\n\r\n\"HACKERTARGET_API_KEY\": \"paste hacker target api here\" ,\r\n \r\n \"WHOIS_FREAKS_API_KEY\": \"paste your Whois Freaks api here\"\r\n\r\n}\r\n" }, { "path": "dockerfile", "content": "FROM python:3\n\nCOPY . .\nRUN pip install --no-cache-dir -r requirements.txt\n\n\nCMD [ \"python\", \"./webosint.py\" ]\n\n\n\n" }, { "path": "requirements.txt", "content": "python-whois\nrequests\npycrtsh\n" }, { "path": "webosint.py", "content": "#!/usr/bin/env python3\n# File name : webosint.py\n# Tool name : W3b0s1nt (WebOSINT)\n# Author : @C3n7ral051nt4g3ncy\n# Version : V2.1\n# Licence : MIT\n# Script Info : WebOSINT is a passive Domain Intelligence recon tool, a Swiss army knife with 8 modules\n\n\n# Py Libs\nimport re\nimport whois\nimport socket\nimport requests\nimport time\nimport sys\n# import readline\nimport json\nfrom pprint import pprint\nfrom pycrtsh import Crtsh\nfrom dateutil.parser import parse\nfrom requests import get\n\n\nclass MyCrtsh:\n def search(self, query, timeout=None):\n \"\"\"\n Search crt.sh with the give query\n Query can be domain, sha1, sha256...\n \"\"\"\n r = requests.get('https://crt.sh/', params={'q': query, 'output': 'json'}, timeout=timeout)\n nameparser = re.compile(\"([a-zA-Z]+)=(\\\"[^\\\"]+\\\"|[^,]+)\")\n certs = []\n try:\n for c in r.json():\n if not c['entry_timestamp']:\n continue\n certs.append({\n 'id': c['id'],\n 'logged_at': parse(c['entry_timestamp']),\n 'not_before': parse(c['not_before']),\n 'not_after': parse(c['not_after']),\n 'name': c['name_value'],\n 'ca': {\n 'caid': c['issuer_ca_id'],\n 'name': c['issuer_name'],\n 'parsed_name': dict(nameparser.findall(c['issuer_name']))\n }\n })\n except json.decoder.JSONDecodeError:\n pass\n return certs\n\n\n# W3b0s1nt Banner\nprint(\"\"\"\\033[0;35m\n*ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•* \nā–ˆ ā–ˆā–ˆā•— ā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•— ā–ˆ\nā–ˆ ā–ˆā–ˆā•‘ ā–ˆā–ˆā•‘ā•šā•ā•ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā•”ā•ā•ā•ā•ā•ā–ˆā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā•— ā–ˆā–ˆā•‘ā•šā•ā•ā–ˆā–ˆā•”ā•ā•ā• ā–ˆ\nā–ˆ ā–ˆā–ˆā•‘ ā–ˆā•— ā–ˆā–ˆā•‘ ā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•—ā•šā–ˆā–ˆā•‘ā–ˆā–ˆā•”ā–ˆā–ˆā•— ā–ˆā–ˆā•‘ ā–ˆā–ˆā•‘ ā–ˆ\nā–ˆ ā–ˆā–ˆā•‘ā–ˆā–ˆā–ˆā•—ā–ˆā–ˆā•‘ ā•šā•ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā•”ā•ā•ā–ˆā–ˆā•—ā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā•‘ā•šā•ā•ā•ā•ā–ˆā–ˆā•‘ ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘ā•šā–ˆā–ˆā•—ā–ˆā–ˆā•‘ ā–ˆā–ˆā•‘ ā–ˆ\nā–ˆ ā•šā–ˆā–ˆā–ˆā•”ā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā•šā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•”ā•ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā•‘ ā–ˆā–ˆā•‘ā–ˆā–ˆā•‘ ā•šā–ˆā–ˆā–ˆā–ˆā•‘ ā–ˆā–ˆā•‘ ā–ˆ\nā–ˆ ā•šā•ā•ā•ā•šā•ā•ā• ā•šā•ā•ā•ā•ā•ā• ā•šā•ā•ā•ā•ā•ā• ā•šā•ā•ā•ā•ā•ā• ā•šā•ā•ā•ā•ā•ā•ā• ā•šā•ā•ā•šā•ā• ā•šā•ā•ā•ā• ā•šā•ā• ā–ˆ\nā–ˆ V1.1.4 ā–ˆ\nā–ˆ W3b0s1nt: Domain Intelligence ā–ˆ \n*ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•*\\033[0m\\033[0;32m \n ā•”ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•—\n ā•‘ by C3n7ral051nt4g3ncy ā•‘ \n ā•‘ Github.com/C3n7ral051nt4g3ncy ā•‘ \n ā•‘ Contributions(BTC):bc1q66awg48m2hvdsrf62pvev78z3vkamav7chusde ā•‘\n ā•‘ Licence:MIT ā•‘\n ā•šā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•\n \\033[0m\"\"\")\ntime.sleep(3)\n\n# What the script does (Sequence)\nprint(\"[1]Domain Registration Check\"\n \"\\n[2]Get Domain IP + Data\"\n \"\\n[3]Reverse IP Search -extract Domains with same IP (HackerTarget API)\"\n \"\\n[4]Get DNS Records (HackerTarget API)\"\n \"\\n[5]Whois Domain Information\"\n \"\\n[6]Domain CERT search (CRT.SH)\"\n \"\\n[7]Domain Reputation search WhoisXML\"\n \"\\n[8]Subdomain scan\"\n \"\\n[9]Historical Whois\")\n\nwith open('config.json', 'r') as f:\n config = json.load(f)\n\nWHOIS_XML_API_KEY = config['WHOIS_XML_API_KEY']\nHACKERTARGET_API_KEY = config['HACKERTARGET_API_KEY']\nWHOIS_FREAKS_API_KEY = config['WHOIS_FREAKS_API_KEY']\n\n\n# Checking if the domain is registered\ndef registrationstatus(domain_name):\n \"\"\"\n Checking whether the domain is registered or not\n \"\"\"\n\n try:\n dn = whois.whois(domain_name)\n except Exception:\n return False\n else:\n return bool(dn.domain_name)\n\n\nprint(\"\\nLet's start by checking if the domain is registered!\")\nquery = input(\"\\n\\033[0;35m\\033[1mDomain Name: \\033[0m\")\ndomain = query\nprint(domain, \"\\033[0;32m...searching for domain registration\\n\")\nprint(domain, \"\\033[0;32m\\033[1m is registered āœ… \\033[0m\" if registrationstatus(\n domain) else \"\\033[0;31m\\033[1m is not registered āŒ \\033[0m\")\n\n\n# Get domain IP Address\ndef domain_ip():\n \"\"\"\n Find Domain ip address\n \"\"\"\n\n website = query\n try:\n domain_ip = socket.gethostbyname(website)\n\n except Exception as e:\n return\n\n\n print(\"\\n\\033[0;35m\\033[1mDomain IP: \\033[1m\\033[0;32m\\n\")\n print(domain_ip)\n\n ip_address = domain_ip\n response = requests.get(f'https://ipapi.co/{ip_address}/json/').json()\n print(\"\\n\\033[0;35m\\033[1mIP Data:\\n\\033[0m\\033[0;32m\")\n pprint(response)\n\n print(\"\\n\\n\\033[0;35m\\033[1mDouble IP verification using IPinfo.io\")\n print(\"\\n\\033[0;35m\\033[1mResults:\\033[0m\\033[0;32m\")\n\n response = requests.get(f'https://ipinfo.io/{ip_address}/json')\n data = json.loads(response.text)\n\n ip = data['ip']\n organization = data['org']\n city = data['city']\n region = data['region']\n country = data['country']\n location = data['loc']\n postal = data['postal']\n timezone = data['timezone']\n\n print(\"ip:\", ip)\n print(\"organization:\", organization)\n print(\"city:\", city)\n print(\"region:\", region),\\\n print(\"country:\", country)\n print(\"postal:\", postal)\n print(\"location:\", location)\n print(\"timezone\", timezone)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mExtract domains with the same IP?\\033[0m y/n: \")\n if choice == \"y\" or choice == \"Y\":\n rev_ip(domain_ip, website)\n if choice == \"n\" or choice == \"N\":\n dns_records(website)\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Reverse IP lookup intro - choice of limited free search or API Key\ndef rev_ip(domain_ip, domain):\n \"\"\"\n Choose Reverse ip for free or with your API\n \"\"\"\n\n print(\n \"\\n\\n\\033[1m!!! Hacker Target will give you a few tries for free, then you will need to change your ip or to use your API Key!!!\\033[0m\")\n\n choice = input(\n \"\"\"\\n\\033[0;35m\\033[1mType -F for Free Search, or Type -API for usage with your own API Key: \\033[0m\"\"\")\n if choice == \"-F\" or choice == \"-f\" or choice == \"F\" or choice == \"f\":\n rev_ip_free(domain_ip, domain)\n if choice == \"-API\" or choice == \"-api\" or choice == \"API\" or choice == \"api\":\n rev_ip_api(domain_ip, domain)\n\n else:\n print(\n \"You pressed the wrong key; choose -F for free search or -API for usage with your API Key, please start again\")\n sys.exit(1)\n\n\n# Reverse IP lookup using limited searches with the Hacker Target free test API to extract all domains using the same IP\ndef rev_ip_free(domain_ip, domain):\n \"\"\"\n Reverse IP search for Free\n \"\"\"\n\n # Returning and printing the status code\n print(\"\\n\\033[0;32mOne moment ...checking Hackertarget.com status\\033[0m\")\n URL = 'http://api.hackertarget.com/reverseiplookup'\n request = requests.get(URL)\n\n if request.status_code == 200:\n print(\n \"\\n\\033[0;32mstatus code 200!\\033[0m Hacker Target is \\033[0;32m\\033[1monline\\033[0m\\033[0;35m\\033[1m\\n\\nReverse IP search results:\\033[0m\\033[0;32m\\n\")\n else:\n print('\\033[0;32mResponse Failed, try again later')\n\n # Free Hacker Target API with limited searches\n ht_api = \"http://api.hackertarget.com/reverseiplookup\"\n domain_ip = {\"q\": domain_ip}\n response = requests.request(\"GET\", ht_api, params=domain_ip)\n print(response.text)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mContinue to DNS Records search?\\033[0m y/n: \")\n if choice == \"y\" or choice == \"Y\":\n dns_records(domain)\n if choice == \"n\" or choice == \"N\":\n whois_search()\n\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Reverse IP lookup using Hacker Target API to extract all domains using the same IP address\ndef rev_ip_api(domain_ip, domain):\n \"\"\"\n Reverse IP search with API\n \"\"\"\n\n # Returning and printing the status code (200 means the server was reached).\n print(\"\\n\\033[0;32mOne moment ...checking Hackertarget.com status\\033[0m\")\n URL = 'http://api.hackertarget.com/reverseiplookup'\n\n request = requests.get(URL)\n if request.status_code == 200:\n print(\n \"\\n\\n\\033[0;32mstatus code 200!\\033[0m Hacker Target is \\033[0;32m\\033[1monline\\033[0m\\033[0;35m\\033[1m\\n\\nReverse IP search results:\\033[0m\\033[0;32m\\n\")\n\n else:\n print('\\033[0;32mResponse Failed, try again later')\n\n # Using your own Hacker Target API to avoid restrictions\n query = domain_ip\n domain_ip = {\"q\": query}\n api = f\"https://api.hackertarget.com/reverseiplookup/?q={query}&apikey={HACKERTARGET_API_KEY}\"\n response = requests.request(\"GET\", api, params=domain_ip)\n print(response.text)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mContinue to DNS Records search?\\033[0m y/n: \")\n\n if choice == \"y\" or choice == \"Y\":\n dns_records(domain)\n if choice == \"n\" or choice == \"N\":\n whois_search()\n\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Search DNS Records (choose Free Search or using Hacker Target API KEY)\ndef dns_records(domain):\n \"\"\"\n Choose Free Search or API\n \"\"\"\n\n choice = input(\n \"\"\"\\n\\033[0;35m\\033[1mType -F for Free Search, or Type -API for usage with your own API Key: \\033[0m\"\"\")\n if choice == \"-F\" or choice == \"-f\" or choice == \"F\" or choice == \"f\":\n dns_records_free(domain)\n if choice == \"-API\" or choice == \"-api\" or choice == \"API\" or choice == \"api\":\n dns_records_api(domain)\n\n else:\n print(\n \"You pressed the wrong key; choose -F for free search or -API for usage with your API Key, please start again\")\n sys.exit(1)\n\n\n# Search DNS Records free\ndef dns_records_free(domain):\n \"\"\"\n DNS Records check\n \"\"\"\n\n print(\"\\n\\033[0;35m\\033[1mDNS Records search results:\\033[0m\\033[0;32m\\n\")\n dnsrecords_api = \"https://api.hackertarget.com/dnslookup/\"\n\n dns_records = {\"q\": domain}\n response = requests.request(\"GET\", dnsrecords_api, params=dns_records)\n print(response.text)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mDo a Whois scan? y/n: \\033[0m\")\n if choice == \"y\" or choice == \"Y\":\n whois_search()\n if choice == \"n\" or choice == \"N\":\n sys.exit(1)\n\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Using your own Hacker Target API to avoid restrictions\ndef dns_records_api(domain):\n \"\"\"\n DNS Records check with API\n \"\"\"\n print(\"\\n\\033[0;35m\\033[1mDNS Records search results:\\033[0m\\033[0;32m\\n\")\n dns_records = {\"q\": domain}\n api = f\"https://api.hackertarget.com/dnslookup/?q={domain}&apikey={HACKERTARGET_API_KEY}\"\n response = requests.request(\"GET\", api, params=dns_records)\n print(response.text)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mDo a Whois scan? y/n: \\033[0m\")\n if choice == \"y\" or choice == \"Y\":\n whois_search()\n if choice == \"n\" or choice == \"N\":\n sys.exit(1)\n\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Search further domain information with the Whois module\ndef whois_search():\n \"\"\"\n WHOis information search\n \"\"\"\n\n print(\"\\n\\n\\033[0;35m\\033[1mLet's try and find more domain information!\\033[0m\")\n webdomain = query\n domain_name = webdomain\n whois_information = whois.whois(domain_name)\n\n # WHOis results easy to read.\n print(\"\\n\\033[0;32mDomain Name:\", whois_information.domain_name)\n print(\"\\nDomain registrar:\", whois_information.registrar)\n print(\"\\nWHOis server:\", whois_information.whois_server)\n print(\"\\nDomain creation date:\", whois_information.creation_date)\n print(\"\\nExpiration date:\", whois_information.expiration_date)\n print(\"\\nUpdated Date:\", whois_information.updated_date)\n print(\"\\nServers:\", whois_information.name_servers)\n print(\"\\nStatus:\", whois_information.status)\n print(\"\\nEmail Addresses:\", whois_information.emails)\n print(\"\\nName:\", whois_information.name)\n print(\"\\nOrg:\", whois_information.org)\n print(\"\\nAddress:\", whois_information.address)\n print(\"\\nCity:\", whois_information.city)\n print(\"\\nState:\", whois_information.state)\n print(\"\\nZipcode:\", whois_information.zipcode)\n print(\"\\nCountry:\", whois_information.country)\n\n # Sleeping time so the user can view the results without the script moving too fast\n time.sleep(3)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mCheck domain CERT (Certificate)?\\033[0m y/n: \")\n if choice == \"Y\" or choice == \"y\":\n crt_sh(domain_name)\n if choice == \"N\" or choice == \"n\":\n domain_reputation(domain_name)\n\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Site Certificate search with CRT.SH\ndef crt_sh(domain_name):\n c = MyCrtsh()\n certs = c.search(domain_name)\n print(\"\\n\\033[0;35m\\033[1mWebsite cert. search results:\\033[0m\\n\\033[0;32m\")\n pprint(certs[:6])\n\n time.sleep(3)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mDomain reputation scan?\\033[0m y/n: \")\n if choice == \"Y\" or choice == \"y\":\n domain_reputation(domain_name)\n if choice == \"N\" or choice == \"n\":\n print(\"\\n\\n\\n\\033[0;35m\\033[1mBye Bye šŸ˜ˆ !!! You have reached the end of your domain Recon journey...\")\n sys.exit(1)\n\n else:\n print(\"You pressed the wrong key; choose Y or N, please start again\")\n sys.exit(1)\n\n\n# Domain Reputation Scan\ndef domain_reputation(domain_name):\n \"\"\"\n Domain reputation scan\n \"\"\"\n\n print(\"\\n\\033[0;35m\\033[1mOK! Let's check domain reputation using WhoisXML API\\n\\033[0m\")\n\n query = domain_name\n reputation = {\"q\": query}\n api = f\"https://domain-reputation.whoisxmlapi.com/api/v2?apiKey={WHOIS_XML_API_KEY}&domainName={query}\"\n response = requests.request(\"GET\", api, params=reputation)\n\n print(\"\\n\\n\\033[0;35m\\033[1mDomain Reputation check results:\\n\\n\\033[0;32m\")\n pprint(response.text)\n\n time.sleep(3)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mLet's do a subdomain scan?\\033[0m y/n: \")\n if choice == \"Y\" or choice == \"y\":\n subdomain_scanner(domain_name)\n if choice == \"N\" or choice == \"n\":\n whois_history(domain_name)\n\n\n# WebOSINT Subscan (Subdomain Scanner)\ndef subdomain_scanner(domain_name):\n \"\"\"\n Subdomain scan\n \"\"\"\n\n subdomains_found = []\n\n sdsreq = requests.get(f'https://crt.sh/?q={domain_name}&output=json')\n\n if sdsreq.status_code == 200:\n print('\\033[0;32m\\033[1m\\n\\nScanning for subdomains now...')\n\n else:\n print(\"\\033[0;32mThe subdomain scanner tool is currently offline, please try again in a few minutes!\\033[0m\")\n sys.exit(1)\n\n for (key, value) in enumerate(sdsreq.json()):\n subdomains_found.append(value['name_value'])\n\n print(\n f\"\\n\\n\\033[0;35m\\033[1mYour chosen targeted Domain for the Subdomain scan:\\033[0;32m{domain_name}\\033[0m\\033[0;32m\\n\")\n\n subdomains = sorted(set(subdomains_found))\n\n for sub_link in subdomains:\n print(f'\\033[1m[āœ… Subdomain Found]\\033[0m\\033[0;32m -->{sub_link}')\n\n print(\"\\n\\033[1m\\033[0;35m\\033[1mSubdomain Scan Completed! \\033[0;32m\\033[1m- ALL Subdomains have been Found\")\n\n time.sleep(3)\n\n choice = input(\"\\n\\n\\033[0;35m\\033[1mDo you want to finish with a Whois History search?\\033[0m y/n: \")\n if choice == \"Y\" or choice == \"y\":\n whois_history(domain_name)\n if choice == \"N\" or choice == \"n\":\n print(\"\\n\\n\\n\\033[0;35m\\033[1mBye Bye šŸ˜ˆ !!! You have reached the end of your domain Recon journey...\")\n sys.exit(1)\n\n\n# Whois History using your WhoisFreaks API Key\ndef whois_history(domain_name):\n \"\"\"\n Whois History search\n \"\"\"\n\n print(\"\\n\\033[0;35m\\033[1mOK Let's do this and check Historical Whois using your Whois Freaks API ;-)\\n\\033[0m\")\n\n time.sleep(2)\n\n print(\"\\n\\033[0;35m\\033[1mHistorical Whois results:\\n\\n\\033[0;32m\")\n\n query = domain_name\n whoishistory = {\"q\": query}\n api = f\"https://api.whoisfreaks.com/v1.0/whois?apiKey={WHOIS_FREAKS_API_KEY}&whois=historical&domainName={query}\"\n response = requests.request(\"GET\", api, params=whoishistory)\n pprint(response.text)\n\n time.sleep(3)\n\n # Farewell Goodbye End of Script Message\n print(\"\\n\\n\\n\\033[0;35m\\033[1mBye Bye šŸ˜ˆ !!! You have reached the end of your domain Recon journey...\")\n sys.exit(1)\n\n\n# Choice to use Dig\nchoice = input(\"\"\"\\n\\n\\033[0;35m\\033[1mFind domain IP?\\033[0m y/n: \"\"\")\nif choice == \"Y\" or choice == \"y\":\n domain_ip()\nif choice == \"N\" or choice == \"n\":\n dns_records(query)\nelse:\n print(\"\\n\\n\\033[0;31m\\033[1mDomain IP not found for:\")\n print(domain)\n print(\"\\033[0;32mThis means that you will now be taken straight to the Reverse DNS search module...\")\n dns_records(domain)\n\n\n# Main.\ndef main():\n registrationstatus()\n domain_ip()\n rev_ip()\n rev_ip_free()\n rev_ip_api()\n dns_records()\n dns_records_free()\n dns_records_api()\n whois_search()\n crt_sh()\n domain_reputation()\n subdomain_scanner()\n whois_history()\n\n\nif __name__ == '__main__':\n main()\n" }, { "path": "webosint_screenshots.md", "content": "

\n\n\n
\n
\n\n\n\n
\n
\n\n\n\n
\n
\n\n\n\n
\n
\n\n \n\n
\n\n

\n" } ]