feat: add option to enumerate subdomains

Author: cemulus

README.md

@@ -9,13 +9,15 @@ Usage: crt [options...] <domain name>
 
 Options:
   -o <path> Output file path. Write to file instead of stdout.
+  -s        Enumerate subdomains.
   -e        Exclude expired certificates.
   -l <int>  Limit the number of results. (default: 1000) 
   -json     Turn results to JSON.
   -csv      Turn results to CSV.
 
 Examples:
   crt example.com
+  crt -s -e example.com
   crt -o logs.json -json example.com
   crt -csv -o logs.csv -l 15 example.com
 ```

cmd/cmd.go

@@ -11,24 +11,27 @@ import (
 )
 
 var (
-	filename = flag.String("o", "", "")
-	expired  = flag.Bool("e", false, "")
-	limit    = flag.Int("l", 1000, "")
-	jsonOut  = flag.Bool("json", false, "")
-	csvOut   = flag.Bool("csv", false, "")
+	filename  = flag.String("o", "", "")
+	subdomain = flag.Bool("s", false, "")
+	expired   = flag.Bool("e", false, "")
+	limit     = flag.Int("l", 1000, "")
+	jsonOut   = flag.Bool("json", false, "")
+	csvOut    = flag.Bool("csv", false, "")
 )
 
 var usage = `Usage: crt [options...] <domain name>
 
 Options:
   -o <path> Output file path. Write to file instead of stdout.
+  -s        Enumerate subdomains.
   -e        Exclude expired certificates.
   -l <int>  Limit the number of results. (default: 1000) 
   -json     Turn results to JSON.
   -csv      Turn results to CSV.
 
 Examples:
   crt example.com
+  crt -s -e example.com
   crt -o logs.json -json example.com
   crt -csv -o logs.csv -l 15 example.com
 `
@@ -55,9 +58,13 @@ func Execute() {
 	}
 	defer repo.Close()
 
-	var res result.CertResult
+	var res result.QueryResult
 
-	res, err = repo.GetCertLogs(domain, *expired, *limit)
+	if *subdomain {
+		res, err = repo.GetSubdomains(domain, *expired, *limit)
+	} else {
+		res, err = repo.GetCertLogs(domain, *expired, *limit)
+	}
 	if err != nil {
 		log.Fatal(err)
 	}

repository/database.go

@@ -4,9 +4,9 @@ import (
 	"database/sql"
 	"fmt"
 
-	_ "github.com/lib/pq"
-
 	"github.com/cemulus/crt/result"
+
+	_ "github.com/lib/pq"
 )
 
 var (
@@ -18,48 +18,6 @@ var (
 	login  = fmt.Sprintf("host=%s port=%d user=%s dbname=%s", host, port, user, dbname)
 )
 
-const (
-	statement = `WITH ci AS (
-	SELECT min(sub.CERTIFICATE_ID) ID,
-		min(sub.ISSUER_CA_ID) ISSUER_CA_ID,
-		array_agg(DISTINCT sub.NAME_VALUE) NAME_VALUES,
-		x509_commonName(sub.CERTIFICATE) COMMON_NAME,
-		x509_notBefore(sub.CERTIFICATE) NOT_BEFORE,
-		x509_notAfter(sub.CERTIFICATE) NOT_AFTER,
-		encode(x509_serialNumber(sub.CERTIFICATE), 'hex') SERIAL_NUMBER
-	FROM (SELECT *
-			FROM certificate_and_identities cai
-			WHERE plainto_tsquery('certwatch', '%s') @@ identities(cai.CERTIFICATE)
-				AND cai.NAME_VALUE ILIKE ('%%' || '%s' || '%%')
-				%s --filter
-			LIMIT 10000
-		) sub
-	GROUP BY sub.CERTIFICATE
-)
-SELECT ci.ISSUER_CA_ID,
-	ca.NAME ISSUER_NAME,
-	ci.COMMON_NAME,
-	array_to_string(ci.NAME_VALUES, chr(10)) NAME_VALUE,
-	ci.ID ID,
-	le.ENTRY_TIMESTAMP,
-	ci.NOT_BEFORE,
-	ci.NOT_AFTER,
-	ci.SERIAL_NUMBER
-FROM ci
-	LEFT JOIN LATERAL (
-		SELECT min(ctle.ENTRY_TIMESTAMP) ENTRY_TIMESTAMP
-		FROM ct_log_entry ctle
-		WHERE ctle.CERTIFICATE_ID = ci.ID
-	) le ON TRUE,
-	ca
-WHERE ci.ISSUER_CA_ID = ca.ID
-ORDER BY le.ENTRY_TIMESTAMP DESC NULLS LAST
-LIMIT %d`
-
-	excludeExpired = `AND coalesce(x509_notAfter(cai.CERTIFICATE), 'infinity'::timestamp) >= date_trunc('year', now() AT TIME ZONE 'UTC')
-    AND x509_notAfter(cai.CERTIFICATE) >= now() AT TIME ZONE 'UTC'`
-)
-
 type Repository struct {
 	db *sql.DB
 }
@@ -77,10 +35,10 @@ func (r *Repository) GetCertLogs(domain string, expired bool, limit int) (result
 	filter := ""
 
 	if expired {
-		filter = excludeExpired
+		filter = excludeExpiredFilter
 	}
 
-	stmt := fmt.Sprintf(statement, domain, domain, filter, limit)
+	stmt := fmt.Sprintf(certLogScript, domain, domain, filter, limit)
 
 	rows, err := r.db.Query(stmt)
 	if err != nil {
@@ -129,6 +87,35 @@ func (r *Repository) GetCertLogs(domain string, expired bool, limit int) (result
 	return res, nil
 }
 
+func (r *Repository) GetSubdomains(domain string, expired bool, limit int) (result.SubdomainResult, error) {
+	filter := ""
+
+	if expired {
+		filter = excludeExpiredFilter
+	}
+
+	stmt := fmt.Sprintf(subdomainScript, domain, domain, filter, limit)
+
+	rows, err := r.db.Query(stmt)
+	if err != nil {
+		return nil, fmt.Errorf("failed to query row: %s", err)
+	}
+	defer rows.Close()
+
+	var res result.SubdomainResult
+	var subdmn sql.NullString
+
+	for rows.Next() {
+		if err = rows.Scan(&subdmn); err != nil {
+			return nil, fmt.Errorf("failed to scan row: %s", err)
+		}
+
+		res = append(res, result.Subdomain{Name: subdmn.String})
+	}
+
+	return res, nil
+}
+
 func (r *Repository) Close() error {
 	return r.db.Close()
 }

repository/sql.go

@@ -0,0 +1,50 @@
+package repository
+
+const (
+	certLogScript = `WITH ci AS (
+	SELECT min(sub.CERTIFICATE_ID) ID,
+		min(sub.ISSUER_CA_ID) ISSUER_CA_ID,
+		array_agg(DISTINCT sub.NAME_VALUE) NAME_VALUES,
+		x509_commonName(sub.CERTIFICATE) COMMON_NAME,
+		x509_notBefore(sub.CERTIFICATE) NOT_BEFORE,
+		x509_notAfter(sub.CERTIFICATE) NOT_AFTER,
+		encode(x509_serialNumber(sub.CERTIFICATE), 'hex') SERIAL_NUMBER
+	FROM (SELECT *
+			FROM certificate_and_identities cai
+			WHERE plainto_tsquery('certwatch', '%s') @@ identities(cai.CERTIFICATE)
+				AND cai.NAME_VALUE ILIKE ('%%' || '%s' || '%%')
+				%s --filter
+			LIMIT 10000
+		) sub
+	GROUP BY sub.CERTIFICATE
+)
+SELECT ci.ISSUER_CA_ID,
+	ca.NAME ISSUER_NAME,
+	ci.COMMON_NAME,
+	array_to_string(ci.NAME_VALUES, chr(10)) NAME_VALUE,
+	ci.ID ID,
+	le.ENTRY_TIMESTAMP,
+	ci.NOT_BEFORE,
+	ci.NOT_AFTER,
+	ci.SERIAL_NUMBER
+FROM ci
+	LEFT JOIN LATERAL (
+		SELECT min(ctle.ENTRY_TIMESTAMP) ENTRY_TIMESTAMP
+		FROM ct_log_entry ctle
+		WHERE ctle.CERTIFICATE_ID = ci.ID
+	) le ON TRUE,
+	ca
+WHERE ci.ISSUER_CA_ID = ca.ID
+ORDER BY le.ENTRY_TIMESTAMP DESC NULLS LAST
+LIMIT %d`
+
+	subdomainScript = `SELECT DISTINCT cai.NAME_VALUE
+FROM certificate_and_identities cai
+WHERE plainto_tsquery('certwatch', '%s') @@ identities(cai.CERTIFICATE)
+	AND cai.NAME_VALUE ILIKE ('%%' || '%s' || '%%')
+	%s --filter
+LIMIT %d`
+
+	excludeExpiredFilter = `AND coalesce(x509_notAfter(cai.CERTIFICATE), 'infinity'::timestamp) >= date_trunc('year', now() AT TIME ZONE 'UTC')
+	AND x509_notAfter(cai.CERTIFICATE) >= now() AT TIME ZONE 'UTC'`
+)

result/result.go

@@ -0,0 +1,8 @@
+package result
+
+type QueryResult interface {
+	Table() string
+	JSON() (string, error)
+	CSV() (string, error)
+	Size() int
+}

result/subodomain.go

@@ -0,0 +1,65 @@
+package result
+
+import (
+	"bytes"
+	"encoding/csv"
+	"encoding/json"
+	"fmt"
+
+	"github.com/olekukonko/tablewriter"
+)
+
+type Subdomain struct {
+	Name string `json:"subdomain"`
+}
+
+type SubdomainResult []Subdomain
+
+func (s SubdomainResult) Table() string {
+	res := new(bytes.Buffer)
+	table := tablewriter.NewWriter(res)
+
+	table.SetHeader([]string{"Subdomains"})
+
+	table.SetHeaderColor(tablewriter.Color(tablewriter.FgHiBlueColor))
+	table.SetColumnColor(tablewriter.Color(tablewriter.FgHiYellowColor))
+
+	for _, sub := range s {
+		table.Append([]string{sub.Name})
+	}
+
+	table.SetRowLine(true)
+	table.SetRowSeparator("—")
+	table.Render()
+
+	return res.String()
+}
+
+func (s SubdomainResult) JSON() (string, error) {
+	res, err := json.MarshalIndent(s, "", "\t")
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal results: %s", err)
+	}
+
+	return string(res), nil
+}
+
+func (s SubdomainResult) CSV() (string, error) {
+	res := new(bytes.Buffer)
+	w := csv.NewWriter(res)
+
+	if err := w.Write([]string{"subdomain"}); err != nil {
+		return "", fmt.Errorf("failed to write CSV headers: %s", err)
+	}
+
+	for _, sub := range s {
+		if err := w.Write([]string{sub.Name}); err != nil {
+			return "", fmt.Errorf("failed to write CSV content: %s", err)
+		}
+	}
+	w.Flush()
+
+	return res.String(), nil
+}
+
+func (s SubdomainResult) Size() int { return len(s) }