initial commit

Cargo.toml

@@ -0,0 +1,32 @@
+[package]
+name = "DarkScout"
+version = "0.1.0"
+authors = ["DarkSuite"]
+edition = "2021"
+description = "A reliable, nimble, cross-platform subdomain enumerator."
+repository = "https://github.com/DarkSuite/DarkScout/"
+license = "GPL-3.0-or-later"
+keywords = ["discover-subdomains", "ct-logs", "search-subdomains", "enumerate-subdomains", "subdomain-scanner"]
+readme = "README.md"
+rust-version = "1.58"
+resolver = "1"
+
+[dependencies]
+serde = { version = "1.0.152", features = ["derive"] }
+serde_derive = "1.0.152"
+reqwest = { version = "0.11.14", features = ["blocking", "json", "gzip"] }
+rand = "0.8.5"
+rayon = "1.6.1"
+addr = "0.15.6"
+serde_json = "1.0.91"
+rusolver = { git = "https://github.com/Edu4rdSHL/rusolver", rev = "cf75cafee7c9d0c257c0b5a361441efc4e247e9c" }
+fhc = { git = "https://github.com/Edu4rdSHL/fhc", rev = "c6ea4c6ad810061312f4b380d0ab7d51775950b1" } 
+tokio = "1.25.0"
+crossbeam = "0.8.2"
+futures = "0.3.26"
+anyhow = "1.0.68"
+itertools = "0.10.5"
+native-tls = "0.2.11"
+clap = { version = "4.1.8", features = ["derive", "env"] }
+dotenv = "0.15.0"
+indicatif = "0.17.2"

README.md

@@ -1 +1,128 @@
-# DarkScout
+# DarkScout
+darkscout is a simple, nimble subdomain enumeration tool written in Rust language. It is designed to help bug bounty hunters, security professionals and penetration testers discover subdomains of a given target domain.
+
+<!-- PROJECT SHIELDS -->
+<!--
+*** I'm using markdown "reference style" links for readability.
+*** Reference links are enclosed in brackets [ ] instead of parentheses ( ).
+*** See the bottom of this document for the declaration of the reference variables
+*** for contributors-url, forks-url, etc. This is an optional, concise syntax you may use.
+*** https://www.markdownguide.org/basic-syntax/#reference-style-links
+-->
+[![Contributors][contributors-shield]][contributors-url]
+[![Forks][forks-shield]][forks-url]
+[![Stargazers][stars-shield]][stars-url]
+[![Issues][issues-shield]][issues-url]
+[![GNU License][license-shield]][license-url]
+
+Sources:
+- Alienvault
+- Anubis
+- Crtsh
+- Hackertarget
+- Omnisint (FYI - This site is down often.)
+- Threatminer
+
+<!-- ROADMAP -->
+## Usage
+```console
+$ ./darkscout -t hackthissite.org
+```
+```console
+$ ./darkscout -t hackthissite.org -o hackthesite.txt
+```
+
+<!-- ROADMAP -->
+## Build
+```console
+$ git clone https://github.com/DarkSuite/DarkScout
+$ cd darkscout
+$ cargo build --release
+$ cd target/release
+$ ./darkscout -t hackthissite.org
+```
+
+<!-- ROADMAP -->
+## Output
+```console
+$ ./darkscout -t facebook.com
+www.m.facebook.com------------step1-----acc---verify.digi-worx.com
+cpanel.the--facebook.com
+mail.the--facebook.com
+the--facebook.com
+webdisk.the--facebook.com
+webmail.the--facebook.com
+www.the--facebook.com
+proxygen_verifier.facebook.com
+m.facebook.com-----------n.slickgt.com.br
+www.m.facebook.com-----------n.slickgt.com.br
+m.facebook.com---------terms-of-service.digi-worx.com
+www.m.facebook.com---------terms-of-service.digi-worx.com
+m.facebook.com----------step1---confirm.sorgu2.com
+www.m.facebook.com----------step1---confirm.sorgu2.com
+m.facebook.com------login---step1.akuevi.net
+www.m.facebook.com------login---step1.akuevi.net
+m.facebook.com-----validate---read---new---tos.yudumay.com
+www.m.facebook.com-----validate---read---new---tos.yudumay.com
+m.facebook.com----securelogin--confirm.wpthm.ir
+www.m.facebook.com----securelogin--confirm.wpthm.ir
+news--facebook.com
+[email protected]
+china--facebook.com
+www.china--facebook.com
+thefacebook.com
+
+[darkscout]> Successfully scraped 11712 subdomains from facebook.com in 81.238776082s
+```
+
+<!-- ROADMAP -->
+## Roadmap
+
+* More passive sources for domain reconnaissance
+* Builtwith API integration
+* HTTP response code checks
+* Improved exception handling
+* IP validation
+* URI parameter parsing
+* DB integration via PostgreSQL
+
+See the [open issues](https://github.com/DarkSuite/DarkScout/issues) for a list of proposed features (and known issues).
+
+<!-- CONTRIBUTING -->
+## Contributing
+
+Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are **greatly appreciated**.
+
+1. Fork the Project
+2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
+3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
+4. Push to the Branch (`git push origin feature/AmazingFeature`)
+5. Open a Pull Request
+
+<!-- ISSUES AND REQUESTS -->
+## Issues and requests
+
+If you have a problem or a feature request, open an [issue](https://github.com/DarkSuite/DarkScout/issues).
+
+<!-- STARGAZERS -->
+
+## Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/DarkSuite/DarkScout.svg)](https://starchart.cc/DarkSuite/DarkScout)
+
+<!-- CONTRIBUTORS -->
+## Contributors
+This project exists thanks to all the people who contribute. [See the contributors list](https://github.com/DarkSuite/DarkScout/graphs/contributors).
+
+<!-- MARKDOWN LINKS & IMAGES -->
+<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->
+[contributors-shield]: https://img.shields.io/github/contributors/DarkSuite/DarkScout.svg?style=for-the-badge
+[contributors-url]: https://github.com/DarkSuite/DarkScout/graphs/contributors
+[forks-shield]: https://img.shields.io/github/forks/DarkSuite/DarkScout.svg?style=for-the-badge
+[forks-url]: https://github.com/DarkSuite/DarkScout/network/members
+[stars-shield]: https://img.shields.io/github/stars/DarkSuite/DarkScout.svg?style=for-the-badge
+[stars-url]: https://github.com/DarkSuite/DarkScout/stargazers
+[issues-shield]: https://img.shields.io/github/issues/DarkSuite/DarkScout.svg?style=for-the-badge
+[issues-url]: https://github.com/DarkSuite/DarkScout/issues
+[license-shield]: https://img.shields.io/github/license/DarkSuite/DarkScout.svg?style=for-the-badge
+[license-url]: https://github.com/DarkSuite/DarkScout/blob/master/LICENSE.txt

src/alienvault.rs

@@ -0,0 +1,83 @@
+use crate::structs::{AlientVaultDNS, Subdomain};
+
+use std::thread;
+use std::time::Duration;
+
+use indicatif::ProgressBar;
+use indicatif::ProgressStyle;
+
+// Scrape subdomains from alienvault
+pub async fn get_alienvault_subdomains(
+    domain: &str,
+) -> Result<Vec<Subdomain>, Box<dyn std::error::Error>> {
+
+    println!("[darkscout]> Grabbing domains from AlienVault...");
+    println!();
+
+    let results: AlientVaultDNS = reqwest::get(format!(
+        "https://otx.alienvault.com/api/v1/indicators/domain/{}/passive_dns",
+        domain
+    ))
+    .await?
+    .json()
+    .await?;
+
+    // Generate progress bar
+    let pb = ProgressBar::new_spinner();
+    pb.enable_steady_tick(Duration::from_millis(120));
+    pb.set_style(
+        ProgressStyle::with_template("{spinner:.blue} {msg}")
+            .unwrap()
+            .tick_strings(&[
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹",
+                "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸",
+                "▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪",
+            ]),
+    );
+
+    pb.set_message("Scraping Alienvault...");
+    thread::sleep(Duration::from_secs(5));
+
+    // Parse response from AlienVault
+    let subdomains: Vec<Subdomain> = results
+        .passive_dns
+        .into_iter()
+        .filter(|sub| sub.hostname.is_some())
+        .map(|sub| Subdomain {
+            url: sub.hostname.unwrap(),
+        })
+        .collect();
+
+    // Stop progress bar once task completes    
+    pb.finish_with_message("Done: Alienvault Complete!");
+
+    //println!("[darkscout]> Finished grabbing domains from AlienVault...");
+
+    Ok(subdomains)
+
+}
+

src/anubis.rs

@@ -0,0 +1,76 @@
+use crate::structs::Subdomain;
+
+use std::thread;
+use std::time::Duration;
+
+use indicatif::ProgressBar;
+use indicatif::ProgressStyle;
+
+// Scrapes subdomains from jonlu.ca anubis
+pub async fn get_anubis_subdomains(
+    domain: &str,
+) -> Result<Vec<Subdomain>, Box<dyn std::error::Error>> {
+
+    println!("[darkscout]> Grabbing domains from Anubis...");
+    println!();
+
+    let results: Vec<String> =
+        reqwest::get(format!("https://jonlu.ca/anubis/subdomains/{}", domain))
+            .await?
+            .json()
+            .await?;
+
+        // Generate progress bar
+        let pb = ProgressBar::new_spinner();
+        pb.enable_steady_tick(Duration::from_millis(120));
+        pb.set_style(
+            ProgressStyle::with_template("{spinner:.blue} {msg}")
+                .unwrap()
+                .tick_strings(&[
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸▹",
+                    "▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▹▸",
+                    "▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪",
+                ]),
+        );
+
+        pb.set_message("Scraping Anubis...");
+        thread::sleep(Duration::from_secs(5));
+
+    // Parse response from Anubis
+    let subdomains: Vec<Subdomain> = results
+        .into_iter()
+        .map(|sub| Subdomain { url: sub })
+        .collect();
+
+   // Stop progress bar once task completes     
+    pb.finish_with_message("Done: Anubis Complete!");
+
+    //println!("[darkscout]> Finished grabbing domains from Anubis...");
+
+    Ok(subdomains)
+}
+