Skip to content

Add new API for subs

Jump to bottom
Ugo Meguerditchian edited this page May 29, 2023 · 3 revisions

Getting started

OrgASM let you easily add your API to get subs of a domain. You don't need to modify the api/global_parser.py to do this !

1 - Add the new script

First you need to create a new python script inside the /api folder.

2 - The script himself

Inside the script you need to import basic lib of OrgASM :

import lib.generics as gen
from lib.handler import handler

Then you need a "main" def that have a domain, handler and a key : (example from anubisdb getter)

def main(domain, handler: handler, key: str):
    # get all the subdomain of the domain from anubisdb
    # the url is https://jonlu.ca/anubis/subdomains/{domain}
    """
    example :
    ["secure.jonlu.ca","mail.jonlu.ca","wiki.jonlu.ca","blog.jonlu.ca","matomo.jonlu.ca","hostmaster.jonlu.ca","box.jonlu.ca","stats.jonlu.ca"]
    """
    subdomains = []
    url = f"https://jonlu.ca/anubis/subdomains/{domain}"
    response = handler.get(url, until_ok=False)._body.decode("utf-8")
    response = json.loads(response)
    for i in response:
        if i == "error" or not "." in i or "*" in i:
            continue
        subdomains.append(i)
    return subdomains

As you can see here you just need to return a list of subdomains.

In the script, the given handler has its own get def which will automatically work with proxies. You can also check whether the key is given: (hackertarget example)

import lib.custom_logger as custom_logger
import lib.generics as gen
from lib.handler import handler

logger = custom_logger.logger


def main(domain, handler: handler, key: str):
    # get all the subdomain of the domain from hackertarget
    # the url is https://api.hackertarget.com/hostsearch/?q={domain}
    # key is the api key
    if key :
        url = (
            "https://api.hackertarget.com/hostsearch/?q="
            + domain
            + "&apikey="
            + key
        )
    else:
        url = "https://api.hackertarget.com/hostsearch/?q=" + domain
    try:
        response = handler.get(url, until_ok=True)._body.decode("utf-8")
        if response == "API count exceeded - Increase Quota with Membership":
            raise Exception("API")
        # split the response in linesr
        lines = response.split("\n")
        # get all the subdomains
        subdomains = []
        for line in lines:
            if line != "" and "*" not in line.split(",")[0]:
                subdomains.append(line.split(",")[0])
        # delete all the occurences in the list

        return subdomains
    except Exception as e:
        if e.args[0] == "API":
            logger.error(f"API count exceeded for hackertarget for {domain}")
        else:
            raise e
        return []

Here you can see that i check if the key is set and if so, i modify the url.

3 - Configuration file

Once you've completed the script to scrap the API, you need to add it to the configuration file.

In the "API" section you can see this :

API :
    mapper :
        alienvault :
            activate : True
            api_key : null
        anubisdb :
            activate : True
            api_key : null
        certspotter :
            activate : True
            api_key : null
        crtsh :
            activate : True
            api_key : null
        hackertarget :
            activate : True
            api_key : null
        rapiddns :
            activate : True
            api_key : null
    trough_proxy: True
    max_workers: 2000

Objects 'activate' and 'api_key' are mandatory. All you have to do is add your new API. Name it with the name you gave to the script file inside /api!

Then you're good to go !

Clone this wiki locally