subscan 1.3.0

A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

use std::collections::BTreeSet;

use reqwest::Url;
use serde_json::Value;

use crate::{
    enums::{
        auth::AuthenticationMethod,
        content::Content,
        dispatchers::{RequesterDispatcher, SubscanModuleDispatcher},
    },
    error::ModuleErrorKind::JSONExtract,
    extractors::json::JSONExtractor,
    modules::generics::integration::GenericIntegrationModule,
    requesters::client::HTTPClient,
    types::{
        core::{Result, Subdomain, SubscanModuleCoreComponents},
        func::GenericIntegrationCoreFuncs,
    },
};

pub const BUILTWITH_MODULE_NAME: &str = "builtwith";
pub const BUILTWITH_URL: &str = "https://api.builtwith.com/v21/api.json";

/// `BuiltWith` API integration module
///
/// It uses [`GenericIntegrationModule`] its own inner
/// here are the configurations
///
/// | Property           | Value                                        |
/// |:------------------:|:--------------------------------------------:|
/// | Module Name        | `builtwith`                                  |
/// | Doc URL            | <https://api.builtwith.com>                  |
/// | Authentication     | [`AuthenticationMethod::APIKeyAsQueryParam`] |
/// | Requester          | [`HTTPClient`]                               |
/// | Extractor          | [`JSONExtractor`]                            |
/// | Generic            | [`GenericIntegrationModule`]                 |
pub struct BuiltWith {}

impl BuiltWith {
    pub fn dispatcher() -> SubscanModuleDispatcher {
        let requester: RequesterDispatcher = HTTPClient::default().into();
        let extractor: JSONExtractor = JSONExtractor::new(Box::new(Self::extract));

        let generic = GenericIntegrationModule {
            name: BUILTWITH_MODULE_NAME.into(),
            auth: AuthenticationMethod::APIKeyAsQueryParam("KEY".into()),
            funcs: GenericIntegrationCoreFuncs {
                url: Box::new(Self::get_query_url),
                next: Box::new(Self::get_next_url),
            },
            components: SubscanModuleCoreComponents {
                requester: requester.into(),
                extractor: extractor.into(),
            },
        };

        generic.into()
    }

    pub fn get_query_url(domain: &str) -> String {
        let params = &[
            ("HIDETEXT", "yes"),
            ("HIDEDL", "yes"),
            ("NOLIVE", "yes"),
            ("NOMETA", "yes"),
            ("NOPII", "yes"),
            ("NOATTR", "yes"),
            ("LOOKUP", domain),
        ];

        let url = Url::parse_with_params(BUILTWITH_URL, params);

        url.unwrap().to_string()
    }

    pub fn get_next_url(_url: Url, _content: Content) -> Option<Url> {
        None
    }

    pub fn extract(content: Value, domain: &str) -> Result<BTreeSet<Subdomain>> {
        let mut subdomains = BTreeSet::new();

        let filter = |item: &Value| Some(format!("{}.{}", item["SubDomain"].as_str()?, domain));
        let results = content["Results"].as_array().ok_or(JSONExtract)?;

        for result in results {
            if let Some(paths) = result["Result"]["Paths"].as_array() {
                subdomains.extend(paths.iter().filter_map(filter));
            }
        }

        Ok(subdomains)
    }
}