Skip to content

cub01d5/DomainIPSearchTool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
.env_demo
.env_demo
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
bulk_search.py
bulk_search.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

🔍 Bulk Domain and IP Search Tool

This Python script is designed to assist in cyber threat intelligence analysis and research activities. 🕵️‍♀️💻

🚀 Features

  • Retrieves domains/IPs from multiple sources:
    • 🌐 urlscan.io
    • 🔎 FOFA
    • 🌍 Censys
    • 🖧 Shodan
    • ⌨️ Direct input
  • Searches for articles related to the found domains/IPs using:
    • 🔍 Bing Search API
    • 🔎 Google Custom Search API
  • 🧐 Analyzes search results to find mentions of domains/IPs on other websites
  • ✅ Verifies the presence of domains/IPs in article texts, considering various escaping techniques
  • 💾 Option to save results to a text file

🎯 Use Cases in Cyber Threat Intelligence

  1. 🚀 Efficient Data Gathering: Quickly collect information on multiple domains or IPs from various sources.
  2. 🧩 Context Enrichment: Find existing research and articles mentioning your targets, providing additional context.
  3. ⏱️ Time-Saving: Automate the process of searching multiple sources and analyzing results.
  4. 🌐 Comprehensive Coverage: Leverage multiple data sources and search engines for a broader view.
  5. 🔍 Result Verification: Automatically check if the domain/IP is mentioned in the article text, reducing false positives.

🛠️ Requirements

  • 🐍 Python 3.x
  • 📚 Libraries: requests, python-dotenv

⚙️ Configuration

Before running the script, configure the API keys:

  1. 📁 Create a .env file in the same directory as the script
  2. 🔑 Add your API keys to the .env file in the following format: 
    URLSCAN_API_KEY=your_urlscan_api_key_here
BING_API_KEY=your_bing_api_key_here
FOFA_API_KEY=your_fofa_api_key_here
CENSYS_API_KEY=your_censys_api_key_here
SHODAN_API_KEY=your_shodan_api_key_here
GOOGLE_API_KEY=your_google_api_key_here
GOOGLE_SEARCH_ENGINE_ID=your_google_search_engine_id_here
RESULT_LIMIT=100
  3. 🔐 Obtain API keys from:

The script will automatically read the API keys and settings from the .env file.

🚀 Usage

  1. 🖥️ Run the script: python bulk_search.py
  2. 🔢 Select the search source (URLScan, FOFA, Censys, Shodan, or Direct Input)
  3. 🔤 Enter the search query or domains/IPs when prompted
  4. 🔍 Choose the search engine for articles (Bing or Google)
  5. 👀 Review the displayed results
  6. 💾 Optionally save the results to a file

📊 Output

For each found domain/IP, the script will display:

  • 📌 Article title
  • 📝 Article snippet
  • 🔗 Article URL

Only articles with confirmed mentions of the domain/IP are shown. 👍

About

A Python tool for cybersecurity research that searches multiple sources for domains/IPs, finds related articles using Bing or Google APIs, and verifies mentions in the content. It aids in threat intelligence by providing a comprehensive view of online references to specified targets.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages