ct-abuse

#!/usr/bin/env bash
# bash-scripts/ct-abuse

# ct-abuse
# 	Enumerate HTTPS enabled subdomains via Certificate Transparency 

set -euo pipefail
# -e exit if any command returns non-zero status code
# -u prevent using undefined variables
# -o pipefail force pipelines to fail on first non-zero status code

IFS=$'\n\t'
# Set Internal Field Separator to newlines and tabs
# This makes bash consider newlines and tabs as separating words
# See: http://redsymbol.net/articles/unofficial-bash-strict-mode/

### Define Colours ###
tput sgr0; 
# reset colors

readonly RESET=$(tput sgr0)
readonly BOLD=$(tput bold)

readonly RED=$(tput setaf 1)
readonly ORANGE=$(tput setaf 3)
readonly GREEN=$(tput setaf 64)
### END Colours ###

### Define output messages ###
FATAL="${RED}FATAL${RESET}"
INFO="${ORANGE}INFO${RESET}"
### END output messages ###


function usage {
	
	echo "Usage: ./ct-abuse.sh {target_domain}"
}


function check_curl () {

	if ! [ -x "$(command -v curl)" ]; then 
		echo "[${FATAL}] curl not installed"
		echo "[${INFO}] Linux: apt install curl"
		exit 1
	fi
}


function get_subdomains () {

	local subdomains=()

	# shellcheck disable=SC2207
	mapfile -t subdomains < <(curl --silent "https://crt.sh/?q=%25.${1}&output=json" \
							| grep -Eo '"name_value":(\d*?,|.*?[^\\]",)' \
							| awk -F '"' '{print $4}' \
							| sort -u)
	# grep regex from: https://stackoverflow.com/a/6852427

	for result in "${subdomains[@]}"; do
		echo "${result}"
	done
}


function main {

	local target_domain=${1:-""}

	if [[ $# -eq 0 ]] ; then
		# If no args then print help
    	usage
    	exit 1
	fi

	check_curl

	get_subdomains "${target_domain}"
}

main "$@"