Merge pull request #69 from wez3/master

Added Google Certificate transparency report support

discovery/__init__.py

@@ -1,23 +1,24 @@
-__all__ = ["bingsearch",
-           "googlesearch",
-           "googleplussearch",
-           "pgpsearch",
-           "linkedinsearch",
-           "exaleadsearch",
-           "yandexsearch",
-           "googlesets",
-           "dnssearch",
-           "shodansearch",
-           "jigsaw",
-           "twittersearch",
-           "dogpilesearch",
-           "baidusearch",
-           "yahoosearch",
-           "netcraft",
-           "crtsh",
-           "virustotal",
-           "threatcrowd",
-           "wfuzz_search",
-           "port_scanner",
-           "takeover",
+__all__ = ["bingsearch",
+           "googlesearch",
+           "googleplussearch",
+           "pgpsearch",
+           "linkedinsearch",
+           "exaleadsearch",
+           "yandexsearch",
+           "googlesets",
+           "dnssearch",
+           "shodansearch",
+           "jigsaw",
+           "twittersearch",
+           "dogpilesearch",
+           "baidusearch",
+           "yahoosearch",
+           "netcraft",
+           "crtsh",
+           "virustotal",
+           "threatcrowd",
+           "wfuzz_search",
+           "port_scanner",
+           "takeover",
+           "googlecertificates",
            "googleCSE"]

discovery/googlecertificates.py

@@ -0,0 +1,40 @@
+import string
+import sys
+import re
+import time
+import requests
+import json
+
+class search_googlecertificates:
+    # https://www.google.com/transparencyreport/api/v3/httpsreport/ct/certsearch?include_expired=true&include_subdomains=true&domain=
+    def __init__(self, word, limit, start):
+        self.word = word
+        self.results = ""
+        self.totalresults = ""
+        self.server = "www.google.com"
+        self.userAgent = "(Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
+        self.quantity = "100"
+        self.limit = limit
+        self.counter = start
+
+    def do_search(self):
+        try:
+            urly="https://" + self.server + "/transparencyreport/api/v3/httpsreport/ct/certsearch?include_expired=true&include_subdomains=true&domain=" + self.word
+        except Exception, e:
+            print e
+        try:
+            r=requests.get(urly)
+        except Exception,e:
+            print e
+        self.results = r.content
+        self.totalresults += self.results
+
+    def get_domains(self):
+	domains = []
+	rawres = json.loads(self.totalresults.split("\n", 2)[2])
+	for array in rawres[0][1]:
+		domains.append(array[1])
+	return list(set(domains))
+
+    def process(self):
+        self.do_search()

theHarvester.py

@@ -40,8 +40,8 @@ def usage():
 
     print("Usage: theharvester options \n")
     print("       -d: Domain to search or company name")
-    print("""       -b: data source: baidu, bing, bingapi, dogpile, google, googleCSE,
-                        googleplus, google-profiles, linkedin, pgp, twitter, vhost, 
+    print("""       -b: data source: baidu, bing, bingapi, dogpile, google, google-certificates, 
+                        googleCSE, googleplus, google-profiles, linkedin, pgp, twitter, vhost, 
                         virustotal, threatcrowd, crtsh, netcraft, yahoo, hunter, all\n""")
     print("       -g: use google dorking instead of normal google search")
     print("       -s: start in result number X (default: 0)")
@@ -125,7 +125,7 @@ def start(argv):
             dnstld = True
         elif opt == '-b':
             engines = set(arg.split(','))
-            supportedengines = set(["baidu","bing","crtsh","bingapi","dogpile","google","googleCSE","virustotal","threatcrowd","googleplus","google-profiles","linkedin","pgp","twitter","vhost","yahoo","netcraft","hunter","all"])
+            supportedengines = set(["baidu","bing","crtsh","bingapi","dogpile","google","googleCSE","virustotal","threatcrowd","googleplus","google-profiles",'google-certificates',"linkedin","pgp","twitter","vhost","yahoo","netcraft","hunter","all"])
             if set(engines).issubset(supportedengines):
                 print("found supported engines")
                 print(("[-] Starting harvesting process for domain: " + word +  "\n"))
@@ -152,7 +152,15 @@ def start(argv):
                         db=stash.stash_manager()
                         db.store_all(word,all_hosts,'host','netcraft')
                         
-                    
+                    if engineitem == "google-certificates":
+                        print ("[-] Searching in Google Certificate transparency report..")
+       	                search = googlecertificates.search_googlecertificates(word, limit, start)
+                        search.process()
+                        all_hosts = search.get_domains()
+                        all_emails = []
+                        db=stash.stash_manager()
+                        db.store_all(word,all_hosts,'host','google-certificates')
+
                     if engineitem == "threatcrowd":
                         print("[-] Searching in Threatcrowd:")
                         search = threatcrowd.search_threatcrowd(word)
@@ -379,6 +387,14 @@ def start(argv):
                         all_emails.extend(emails)
                         all_emails = sorted(set(all_emails))
 
+                        print ("[-] Searching in Google Certificate transparency report..")
+                        search = googlecertificates.search_googlecertificates(word, limit, start)
+                        search.process()
+                        domains = search.get_domains()
+	                    all_hosts.extend(domains)
+
+
+
 
             else:
             #if engine not in ("baidu", "bing", "crtsh","bingapi","dogpile","google", "googleCSE","virustotal","threatcrowd", "googleplus", "google-profiles","linkedin", "pgp", "twitter", "vhost", "yahoo","netcraft","all"):