How to Make a Subdomain Scanner in Python?
Last Updated :
23 Jan, 2023
In this article, we are going to scan the subdomains using requests module in Python, which allows us to easily make HTTPS requests to get information from the websites. To install the requests module, write the following command in your command prompt.
pip install requests
The URL (Uniform Resource Locator) consists mainly of four parts:
- Protocol
- Sub-domain
- Domain Name or Second level domain (SLD)
- Top-level domain (TLD)
The below figure demonstrating all four parts of the URL.
Subdomains are defined as the part of the domain that comes before the Domain name and Domain extension i.e, Top-level domain (TLD). Subdomains are used for organizing or dividing web content into distinct sections. Subdomains help us to separate our website into sections, subdomains are viewed as different websites.
Subdomain File Used:
mail
mail2
www
ns2
ns1
blog
localhost
m
ftp
mobile
ns3
smtp
search
api
dev
secure
webmail
admin
img
news
sms
marketing
test
video
www2
media
static
ads
mail2
beta
wap
blogs
download
dns1
www3
origin
shop
forum
chat
www1
image
new
tv
dns
services
music
images
pay
ddrint
conc
Approach:
- Firstly we have a list of subdomain names in the text file to scan those subdomains by putting in URL, you can get this list of subdomains from google.
- Now we have to create the URL by concatenating or using f string with protocol, subdomain, and domain name.
- We have to use for loop for putting subdomains in the URL one by one for scanning.
- To avoid the program to get crash when the subdomain is invalid with the domain name we have to use a try-catch block to skip that subdomain that was invalid and pass it with the help of catch block and scan the upcoming subdomain with the help of catch block, scanning should be done with the help of request module, for the specific URL get request should be sent to the server according to server response URL will be printed.
- As soon as subdomains are scanned and valid then URL is printed.
Steps Needed
- Import request module
- Create a function for scanning the subdomains and pass domain name and list of subdomains as a parameter.
- Run for loop for each subdomain present in the list, and concatenate subdomain with protocol and domain name in the URL sequence and stored it in the variable let named as “URL”.
- Now we use requests.get() function and in that pass, URL to retrieve the information from the given server by using given URL, if we are able to retrieve information from the server means that subdomain is valid with that domain name otherwise we will pass it for that we used to try and catch block in try block we will pass the request.get() function and after scanning, we will print that URL otherwise we will catch in the catch block and pass.
- Then create the main function, in the take user input of the domain name.
- Then open the list of the subdomains text files from the storage in read mode for scanning each subdomain.
- After opening the file in read mode we are using splitlines() function for storing the split strings in the variable let named as “sub_dom”.
- Now call the function which we had created for scanning the subdomain bypassing domain name and sub_dom.
Showing subdomain names present in the text file and creating a list of that subdomains.
Python
with open('subdomain_names.txt','r') as file:
name = file.read()
sub_dom = name.splitlines()
print(f"Number of subdomain names present in the file are: {len(sub_dom)}\n")
print("List of subdomain names present in the file\n")
print(sub_dom)
|
Output:
In the above code, we are opening the text file from the storage in which our subdomain names are present which we have to scan and also after opening the file from the storage in read mode we are making the list of content present in that file and printing number of subdomain names present in the file and printing the list of subdomain names.
The text file contains only 50 subdomains for demonstration you can take as many subdomain as you want to scan according to your need. So in the above output image list of subdomains is printed which we will scan in the upcoming example.
We will use this piece of code in scanning the subdomains.
Example 1: Subdomain scanner program using Python.
Python
import requests
def domain_scanner(domain_name,sub_domnames):
print('----URL after scanning subdomains----')
for subdomain in sub_domnames:
url = f"https://{subdomain}.{domain_name}"
try:
requests.get(url)
print(f'[+] {url}')
except requests.ConnectionError:
pass
if __name__ == '__main__':
dom_name = input("Enter the Domain Name:")
with open('subdomain_names1.txt','r') as file:
name = file.read()
sub_dom = name.splitlines()
domain_scanner(dom_name,sub_dom)
|
Output:
The scanning time will depend on the number of subdomains you are scanning, for the demonstration I have some names of subdomains in the text file, you can add as many as subdomains you want to scan.
Example 2: Subdomain scanner for Wikipedia using Python.
Python
import requests
def domain_scanner(domain_name,sub_domnames):
print('-----------Scanner Started-----------')
print('----URL after scanning subdomains----')
for subdomain in sub_domnames:
url = f"https://{subdomain}.{domain_name}"
try:
requests.get(url)
print(f'[+] {url}')
except requests.ConnectionError:
pass
print('\n')
print('----Scanning Finished----')
print('-----Scanner Stopped-----')
if __name__ == '__main__':
dom_name = input("Enter the Domain Name:")
print('\n')
with open('subdomain_names1.txt','r') as file:
name = file.read()
sub_dom = name.splitlines()
domain_scanner(dom_name,sub_dom)
|
Output:
Similar Reads
How to Build a SQL Injection Scanner in Python?
In general terms, SQLi is the most prevalent and dangerous code insertion technique. An SQLi attack is meant to send malicious SQL commands to the database server. The most common attack goal is bulk extraction of knowledge. Attackers can dump database tables with many thousands of customer records.
4 min read
Knock - Subdomain Scanner Tool in Kali Linux
Knock is a tool written in Python and is designed to enumerate subdomains in a target domain through a wordlist. Installation: First clone the tool from the GitHub repository by using the below command. git clone https://github.com/santiko/KnockPy.git Then Change to your preferred directory. cd Knoc
1 min read
How to Make a DNS Spoof attack using Scapy in Python?
In this article, we are going to discuss how to make a DNS Spoof attack using Scapy in Python. Before starting we need to know few points: DNS Server: The Domain Name System provides a way to match human-readable domain names into IP addresses. Â For example, when we search for google.com, the browse
5 min read
Subdomain in Flask | Python
Prerequisite: Introduction to Flask In this article, we will learn how to setup subdomains in Flask. But first, let's go through the basic like what is DNS and subdomains. Domain Name System (DNS): The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services
3 min read
Port Scanner using Python
Prerequisites: Socket Programming in Python This article is just to provide a sample code to generate a Port Scanner. This Port Scanner will work for both the Web Applications as well as remote Host. This tool has been created to provide the basic functionality of a Port Scanner. The general concept
2 min read
How to Build Web scraping bot in Python
In this article, we are going to see how to build a web scraping bot in Python. Web Scraping is a process of extracting data from websites. A Bot is a piece of code that will automate our task. Therefore, A web scraping bot is a program that will automatically scrape a website for data, based on our
8 min read
How to Urlencode a Querystring in Python?
URL encoding a query string consists of converting characters into a format that can be safely transmitted over the internet. This process replaces special characters with a '%' followed by their hexadecimal equivalent. In this article, we will explore three different approaches to urlencode a query
2 min read
Network Scanner in Python
A network scanner is one major tool for analyzing the hosts that are available on the network. A network scanner is an IP scanner that is used for scanning the networks that are connected to several computers. To get the list of the available hosts on a network, there are two basic methods - ICMP Ec
3 min read
How To Follow Links With Python Scrapy ?
In this article, we will use Scrapy, for scraping data, presenting on linked webpages, and, collecting the same. We will scrape data from the website 'https://quotes.toscrape.com/'. Creating a Scrapy Project Scrapy comes with an efficient command-line tool, also called the 'Scrapy tool'. Commands ar
8 min read
Visiting Card Scanner GUI Application using Python
Python is an emerging programming language that consists of many in-built modules and libraries. Which provides support to many web and agile applications. Due to its clean and concise syntax behavior, many gigantic and renowned organizations like Instagram, Netflix so-and-so forth are working in Py
6 min read