
# hostmap-crtsh NSE Script

## Description

Finds subdomains of a web server by querying Google's Certificate Transparency logs database (<https://crt.sh>).

The script will run against any target that has a name, either specified on the command line or obtained via reverse-DNS.

NSE implementation of ctfr.py (<https://github.com/UnaPibaGeek/ctfr.git>) by Sheila Berta.

References:

* www.certificate-transparency.org

## Script Arguments

#### newtargets

If set, add the new hostnames to the scanning queue. Because the names presumably resolve to the same IP address as the original target, this is only useful for services such as HTTP that can change their behavior based on hostname.

#### hostmap.prefix

If set, saves the output for each host in a file called "<prefix><target>". The file contains one entry per line.

#### slaxml.debug

See the documentation for the [slaxml](<../lib/slaxml.html#script-args>) library.

#### http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the [http](<../lib/http.html#script-args>) library.

#### max-newtargets

See the documentation for the [target](<../lib/target.html#script-args>) library.

#### smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the [smbauth](<../lib/smbauth.html#script-args>) library.

## Example Usage

* `nmap --script hostmap-crtsh --script-args 'hostmap-crtsh.prefix=hostmap-' <targets>`
* `nmap -sn --script hostmap-crtsh <target>`

## Script Output

```
Host script results:
| hostmap-crtsh:
|   subdomains:
|     svn.nmap.org
|     www.nmap.org
|_  filename: output_nmap.org
```

## Requires

* io
* [http](<../lib/http.html>)
* [json](<../lib/json.html>)
* [stdnse](<../lib/stdnse.html>)
* string
* [stringaux](<../lib/stringaux.html>)
* [target](<../lib/target.html>)
* table
* [tableaux](<../lib/tableaux.html>)
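For auditing which of your own hostnames certificates have published to Certificate Transparency, the sketch below shows the kind of post-processing the Description and the `hostmap.prefix` argument imply. It is an added example, not the NSE script's or ctfr.py's code; it assumes crt.sh's JSON output carries certificate names in a `name_value` field, and the function names and sample records are constructed for illustration.

```python
import json

# Constructed sample shaped like crt.sh JSON output; only "name_value" is
# used (an assumption about the response format). Not real log data.
SAMPLE = json.dumps([
    {"name_value": "www.example.org"},
    {"name_value": "svn.example.org\nWWW.example.org"},
    {"name_value": "*.dev.example.org"},
    {"name_value": "admin@example.org"},
    {"name_value": "example.org"},
    {"name_value": "notexample.org"},
    {"name_value": "mail.example.org."},
])


def hostnames_from_ct(body, target):
    """Return sorted, de-duplicated hostnames under `target` found in `body`."""
    target = target.lower().rstrip(".")
    found = set()
    for entry in json.loads(body):
        # One certificate can list several names, newline-separated.
        for name in str(entry.get("name_value", "")).splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # wildcard: keep the concrete parent name
            if not name or "@" in name or " " in name:
                continue  # e-mail entries and free text are not hostnames
            # Match on a label boundary so "notexample.org" is rejected.
            if name == target or name.endswith("." + target):
                found.add(name)
    return sorted(found)


def save_hostmap(prefix, target, names):
    """Write one entry per line to "<prefix><target>" (hypothetical helper)."""
    path = f"{prefix}{target}"
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(names) + "\n")
    return path


if __name__ == "__main__":
    for host in hostnames_from_ct(SAMPLE, "example.org"):
        print(host)
```

Names recovered this way come from issued certificates, so they can be stale or may never have resolved; confirm them against DNS before treating them as live assets.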

