ShoLister - a tool that collects all available subdomains for specific hostname or organization from Shodan

ShoLister

ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be used from Penetration Tester and Bug Bounty Hunters.

Requirments/Install

1. Shodan paid account.
2. Python3

pip install shodan
pip install termcolor
shodan init YOUR_API_KEY

Usage

-> You have 2 python scripts, the first one will search for your scope subdomains using 2 filters hostname and Ssl.cert.subject.CN The second script will search using filter org

sholister_hostname.py

> scope_domains.txt example:
yahoo.com
uber.com
twitter.com

> Run: 
python3 sholister_hostname.py scope_domains.txt

sholister_org.py

> scope_organizations.txt example: 
Google LLC 
Uber Technologies LLC 
Twitter

> Run: 
python3 sholister_org.py scope_organizations.txt

Differences between ShoLister and Shodan CLI

1. ShoLister based on Shodan Library so they're using the same gateway to get the results.
2. Filter the results to avoid ISP false positive domains.
3. You can pass a file with multiple hosts or organizations names to make it more easier to get the results.
4. ShoLister provide the results as a separate file for each hostname or organization.

Stay in touch <3

LinkedIn | Blog | Twitter