Added Facebook token configuration option.

Please see https://git.io/fjNMA for more info. Also we now don't declare CT API URLs if they aren't going to be used resulting in a performance improvement.
Findomain · Aug 24, 2019 · 1716e26 · 1716e26
1 parent 4bc1792
commit 1716e26
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 31 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "findomain"
-version = "0.2.1"
+version = "0.2.2"
 authors = ["Eduard Toloza <[email protected]>"]
 edition = "2018"
 description = "The fastest and cross-platform subdomain enumerator, don't waste your time."

diff --git a/src/auth.rs b/src/auth.rs
@@ -0,0 +1,12 @@
+use std::env;
+
+pub fn get_auth_token(api: &str) -> String {
+    if api == "facebook" {
+        match env::var("findomain_fb_token") {
+            Ok(token) => token,
+            Err(_) => String::from(""),
+        }
+    } else {
+        String::from("")
+    }
+}
diff --git a/src/cli.yml b/src/cli.yml
@@ -1,5 +1,5 @@
 name: findomain
-version: "0.2.1"
+version: "0.2.2"
 author: Eduard Tolosa <[email protected]>
 settings:
     - ArgRequiredElseHelp

diff --git a/src/lib.rs b/src/lib.rs
@@ -14,6 +14,8 @@ use std::time::Duration;
 use trust_dns_resolver::{config::ResolverConfig, config::ResolverOpts, Resolver};
 use url::Url;
 
+mod auth;
+
 #[derive(Deserialize, PartialEq, PartialOrd, Ord, Eq)]
 struct SubdomainsCertSpotter {
     dns_names: Vec<String>,
@@ -68,41 +70,66 @@ pub fn get_subdomains(
         "&include_subdomains=true&expand=dns_names",
     ]
     .concat();
-    let ct_api_url_virustotal = [
-        "https://www.virustotal.com/ui/domains/",
-        &target,
-        "/subdomains?limit=40",
-    ]
-    .concat();
-    let ct_api_url_crtsh = ["https://crt.sh/?q=%.", &target, "&output=json"].concat();
-    let ct_api_url_sublist3r = ["https://api.sublist3r.com/search.php?domain=", &target].concat();
-    let ct_api_url_fb = [
-        "https://graph.facebook.com/certificates?query=",
-        &target,
-        "&fields=domains&limit=10000&access_token=298348064419358|RrUIvPdydH023XhrMh1xBzv9dTM",
-    ]
-    .concat();
 
     println!("\nTarget ==> {}\n", &target);
 
     if all_apis == &1 {
-        let all_subdomains = vec![
-            get_certspotter_subdomains(&ct_api_url_certspotter, &with_proxy, &proxy),
-            get_crtsh_subdomains(&ct_api_url_crtsh, &with_proxy, &proxy),
-            get_virustotal_subdomains(&ct_api_url_virustotal, &with_proxy, &proxy),
-            get_sublist3r_subdomains(&ct_api_url_sublist3r, &with_proxy, &proxy),
-            get_facebook_subdomains(&ct_api_url_fb, &with_proxy, &proxy),
-        ];
+        let ct_api_url_virustotal = [
+            "https://www.virustotal.com/ui/domains/",
+            &target,
+            "/subdomains?limit=40",
+        ]
+        .concat();
+        let ct_api_url_crtsh = ["https://crt.sh/?q=%.", &target, "&output=json"].concat();
+        let ct_api_url_sublist3r =
+            ["https://api.sublist3r.com/search.php?domain=", &target].concat();
 
-        let all_subdomains_vec = all_subdomains.into_iter().fold(None, concat_options);
+        let facebook_access_token = auth::get_auth_token("facebook");
 
-        manage_subdomains_data(
-            all_subdomains_vec,
-            &target,
-            &with_ip,
-            &with_output,
-            &file_format,
-        );
+        if facebook_access_token.is_empty() {
+            let all_subdomains = vec![
+                get_certspotter_subdomains(&ct_api_url_certspotter, &with_proxy, &proxy),
+                get_crtsh_subdomains(&ct_api_url_crtsh, &with_proxy, &proxy),
+                get_virustotal_subdomains(&ct_api_url_virustotal, &with_proxy, &proxy),
+                get_sublist3r_subdomains(&ct_api_url_sublist3r, &with_proxy, &proxy),
+            ];
+
+            let all_subdomains_vec = all_subdomains.into_iter().fold(None, concat_options);
+
+            manage_subdomains_data(
+                all_subdomains_vec,
+                &target,
+                &with_ip,
+                &with_output,
+                &file_format,
+            );
+            println!("If you want to search in the Facebook API, don't forget to set the findomain_fb_token variable in your system\nSee the following documentation: https://git.io/fjNMA for setup and more info.")
+        } else {
+            let ct_api_url_fb = [
+                "https://graph.facebook.com/certificates?query=",
+                &target,
+                "&fields=domains&limit=10000&access_token=",
+                &facebook_access_token,
+            ]
+            .concat();
+            let all_subdomains = vec![
+                get_certspotter_subdomains(&ct_api_url_certspotter, &with_proxy, &proxy),
+                get_crtsh_subdomains(&ct_api_url_crtsh, &with_proxy, &proxy),
+                get_virustotal_subdomains(&ct_api_url_virustotal, &with_proxy, &proxy),
+                get_sublist3r_subdomains(&ct_api_url_sublist3r, &with_proxy, &proxy),
+                get_facebook_subdomains(&ct_api_url_fb, &with_proxy, &proxy),
+            ];
+
+            let all_subdomains_vec = all_subdomains.into_iter().fold(None, concat_options);
+
+            manage_subdomains_data(
+                all_subdomains_vec,
+                &target,
+                &with_ip,
+                &with_output,
+                &file_format,
+            );
+        }
     } else {
         manage_subdomains_data(
             get_certspotter_subdomains(&ct_api_url_certspotter, &with_proxy, &proxy),