-
Notifications
You must be signed in to change notification settings - Fork 26
/
test.go
79 lines (63 loc) · 2.87 KB
/
test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package main
import (
"context"
"fmt"
"github.com/ZhuriLab/Starmap/pkg/passive"
"github.com/ZhuriLab/Starmap/pkg/resolve"
"github.com/ZhuriLab/Starmap/pkg/runner"
"log"
)
/**
@author: yhy
@since: 2022/8/17
@desc: //TODO
**/
func Starmap(domain string) (error, *map[string]resolve.HostEntry, []string) {
config, _ := runner.UnmarshalRead("/Users/yhy/.config/Starmap/config.yaml")
config.Recursive = resolve.DefaultResolvers
config.Sources = passive.DefaultSources
config.AllSources = passive.DefaultAllSources
config.Recursive = passive.DefaultRecursiveSources
var verify bool
options := &runner.Options{
Threads: 10, // Thread controls the number of threads to use for active enumerations
Timeout: 30, // Timeout is the seconds to wait for sources to respond
MaxEnumerationTime: 10, // MaxEnumerationTime is the maximum amount of time in mins to wait for enumeration
Resolvers: resolve.DefaultResolvers, // Use the default list of resolvers by marshaling it to the config
Sources: passive.DefaultSources, // Use the default list of passive sources
AllSources: passive.DefaultAllSources, // Use the default list of all passive sources
Recursive: passive.DefaultRecursiveSources, // Use the default list of recursive sources
YAMLConfig: config, // 读取自定义配置文件
All: true,
Verbose: verify,
Brute: true,
Verify: true, // 验证找到的域名
RemoveWildcard: true, // 泛解析过滤
MaxIps: 100, // 爆破时如果超出一定数量的域名指向同一个 ip,则认为是泛解析
DNS: "cn", // dns 服务器区域选择,根据目标选择不同区域得到的结果不同,国内网站的话,选择 cn,dns 爆破结果比较多
BruteWordlist: "", // 爆破子域的域名字典,不填则使用内置的
Level: 2, // 枚举几级域名,默认为二级域名
LevelDic: "", // 枚举多级域名的字典文件,当level大于2时候使用,不填则会默认
Takeover: false, // 子域名接管检测
SAll: false, // 子域名接管检测中请求全部 url,默认只对匹配的 cname 进行检测
}
runnerInstance, err := runner.NewRunner(options)
err, uniqueMap, unanswers := runnerInstance.EnumerateSingleDomain(context.Background(), domain, nil)
if err != nil {
return err, nil, nil
}
return nil, uniqueMap, unanswers
}
func main() {
err, subdomains, unanswers := Starmap("moresec.cn")
if err != nil { // 运行失败,丢给其他机器扫描
log.Fatalln(err)
}
for _, hostEntry := range *subdomains {
fmt.Printf("%v \n", hostEntry)
//delete(*subdomains, sub)
}
//*subdomains = nil
fmt.Println(len(*subdomains))
fmt.Println(unanswers)
}