added more osint sources

v4d1 · Feb 28, 2022 · 16f56a8 · 16f56a8
1 parent 1fefcb9
commit 16f56a8
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -62,7 +62,7 @@ python dome.py --help
 - Active and Passive scan (read above)
 - Faster than other subdomain enumeration tools
 - 7 different resolvers/nameservers including google, cloudfare (fastest), Quad9 and cisco DNS (use --resolvers filename.txt to use a custom list of resolvers, one per line)
-- Up to 17 different OSINT sources
+- Up to 20 different OSINT sources
 - Subdomains obtained via OSINT are tested to know if they are alive (only in active mode)
 - Support for webs that requires API token
 - Detects when api key is no longer working (Other tools just throw an error and stops working)
@@ -109,6 +109,9 @@ Without API:
 - bufferover.run
 - CertSpotter
 - Anubis-DB
+- Hunt.io
+- Sonar
+- SiteDossier
 
 With API:
 

diff --git a/dome.py b/dome.py
@@ -584,15 +584,27 @@ def runBinaryEdge(domain):
 def runAlienVault(domain):
 	if printOutputV: print(B + "\n[!] Searching in" + W + " AlienVault:")
 
-	r = requests.get("https://otx.alienvault.com/api/v1/indicators/domain/" + domain + "/passive_dns", )
+	r = requests.get("https://otx.alienvault.com/api/v1/indicators/domain/" + domain + "/passive_dns")
 	d = json.loads(r.text)
 	for i in range(len(d["passive_dns"])):
 		if domain in d["passive_dns"][i]["hostname"]:
 			checkDomain(d["passive_dns"][i]["hostname"])
 
 
 
-
+def runSiteDossier(domain):
+	if printOutputV: print(B + "\n[!] Searching in" + W + " Sitedossier:")
+	data=""
+	page=1
+	while "No data currently available." not in data:
+		r = requests.get("http://www.sitedossier.com/parentdomain/" + domain + "/" + str(page))
+		page=page + 100
+		data=r.text
+		pattern = '(?!2?F)[a-zA-Z0-9\-\.]*\.' + str(domain.split('.')[0]) + '\.' + str(domain.split('.')[1])
+		for domain in re.findall(pattern, r.text):
+			checkDomain(domain) #we send to check domain to verify it still exists
+
+
 
 
 #This function is used as template. Makes request method and grep
@@ -630,6 +642,9 @@ def runPassive(domains):
 			if printOutput: print(Y + "[!] No API Tokens detected. Running free OSINT engines...")
 
 		for domain in domains:
+			runSiteDossier(domain)
+			defaultRun("Sonar", "https://sonar.omnisint.io/subdomains/" + domain + "?page=", domain)
+			defaultRun("Hunt.io", "https://fullhunt.io/api/v1/domain/" + domain + "/details", domain)
 			defaultRun("Anubis-DB", "https://jonlu.ca/anubis/subdomains/" + domain, domain)
 			defaultRun("ThreatCrowd", "https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=" + domain, domain)
 			defaultRun("HackerTarget", "https://api.hackertarget.com/hostsearch/?q=" + domain, domain)