first commit

Author: ReverseTEN

Hosts.txt

@@ -0,0 +1,75 @@
+
+<h1 align="center">
+  <br>
+<img src="https://user-images.githubusercontent.com/59805766/222643217-ea37efe1-fd1a-42fe-9081-ce9609cffe70.png" alt="CenQuest"></a>
+</h1>
+<h4 align="center">A Python script using the Censys API to search for internet-facing hosts based on custom queries</h4>
+
+<p align="center">
+<a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/license-MIT-_red.svg"></a>
+<a href="https://github.com/ReverseTEN/CenQuest/issues"><img src="https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat"></a>
+</p>
+
+<p align="center">
+
+
+
+# CenQuest
+
+CenQuest is a Python script that uses the Censys API to search for internet-facing hosts based on custom search queries. It retrieves the IP addresses and port numbers of all matching hosts and stores the results in a file called `Hosts.txt`. 
+
+In addition,CenQuest includes a **resume search feature that enables you to pick up where you left off without having to restart the search**. This feature utilizes a CSV file called Info.csv, which keeps track of previously executed search queries and the number of pages retrieved for each query.
+
+## Requirements
+
+To run the script, you need to have the following:
+
+- Python 3.x
+- A Censys account with API credentials
+
+Set up your Censys API credentials by creating a file named `config.ini` in the same directory as the script, with the following format:
+
+```
+
+[Censys Api Config]
+
+api=YOUR_CENSYS_UID
+secret=YOUR_CENSYS_SECRET
+
+```
+
+
+## Usage
+To use the script, you need to provide a search query and the number of pages you want to retrieve. Here's an example command:
+
+```bash
+git clone https://github.com/ReverseTEN/CenQuest.git
+cd CenQuest
+python cenquest.py [-h] -q QUERY -p PAGES
+
+```
+
+The following arguments are available:
+
+- -h, --help: show the help message and exit.
+- -q QUERY, --query QUERY: search query to be executed.
+- -p PAGES, --pages PAGES: number of pages to retrieve.
+
+### Example:
+
+```bash
+
+python3 cenquest.py -q "apache" -p 5
+
+```
+
+This will search for hosts with the word "apache" in their banners and retrieve the first 5 pages of results. The results will be written to the `Hosts.txt` file in the same directory as the script.
+
+
+## Resume Search
+
+CenQuest uses a CSV file called `Info.csv` to keep track of which search queries have already been executed and how many pages of results were obtained for each query. This allows the script to resume a search from where it left off, in case the script is interrupted or terminated prematurely.
+
+
+## Disclaimer
+This script is for educational purposes only. Use it at your own risk.

Info.csv

@@ -0,0 +1,33 @@
+import argparse
+import censys
+
+def banner():
+    print(("""%s
+   ____                   ___                         _   
+  / ___|   ___   _ __    / _ \   _   _    ___   ___  | |_ 
+ | |      / _ \ | '_ \  | | | | | | | |  / _ \ / __| | __|
+ | |___  |  __/ | | | | | |_| | | |_| | |  __/ \__ \ | |_ 
+  \____|  \___| |_| |_|  \__\_\  \__,_|  \___| |___/  \__|
+                                                      
+                  %s%s# Coded By ReverseTEN - http://github.com/ReverseTEN%s
+    """ % ('\033[91m', '\033[0m', '\033[93m', '\033[0m')))
+
+
+def parse_args():
+    parser = argparse.ArgumentParser(
+        description='Search for information using Censys',
+        epilog='Example usage: python my_script.py -q "80.http.get.headers.server: Apache" -p 3'
+    )
+    parser.add_argument('-q', '--query', help='search query', type=str , required=True)
+    parser.add_argument('-p','--pages',help='number of pages to retrieve',type=int,required=True)
+
+    args = parser.parse_args()
+    return args
+
+
+if __name__=='__main__':
+    banner()
+    args = parse_args()
+    censys.query=args.query
+    censys.PageNm=args.pages
+    censys.run()

README.md

@@ -0,0 +1,192 @@
+import requests
+import csv
+import config
+
+
+Url = 'https://search.censys.io/api/v2'
+ch = config.config()
+api=ch[0]
+secret=ch[1]
+query=''
+PageNm=int
+CheckList=[]
+
+def getIps(ips):
+    with open('Hosts.txt','a') as f:
+        f.write(f'{ips}\n')
+        f.close
+
+
+def LastActivity(PageNUM,LastPage,Next='N'):
+    data=[query,PageNUM,LastPage,Next]
+    with open('Info.csv','a') as csvfile:
+        writer=csv.writer(csvfile)
+        writer.writerow(data)
+        csvfile.close()
+
+
+
+
+def CheckInfo():
+    
+    with open ('Info.csv','r') as csvf :
+        try:
+            reader = csv.reader(csvf)
+            for row in reader:
+                if query in list(row):
+                    CheckList.append(row)
+            lastrow=list.pop(CheckList)
+            if lastrow[3] == "Y":
+                print(f"[!] The last page of this query ({lastrow[0]}) is {int(lastrow[1])}. The next page does not exist!")
+                
+                exit()
+            x = input(f"[!] This query ({lastrow[0]}) has already been used for {lastrow[1]} pages. Do you want to start from page {int(lastrow[1])+1} onwards? (y/n): ").upper()
+
+            if x== 'Y':
+                return int(lastrow[1]) , lastrow[2]
+            elif x=='N':
+                return None
+            if x!= 'Y' or 'N':
+                exit()
+            csvf.close()
+        except IndexError :
+            return None
+
+def request():
+
+    params = {'q':query,'per_page':0,'virtual_hosts':'EXCLUDE'}
+    res = requests.post(Url+'/hosts/search',json=params,auth=(api,secret))
+    payload = res.json()
+    CheckError(payload['code'])
+    if payload['status']=='OK':
+        result = payload["result"]
+        page=result["links"]["next"] 
+        return page
+
+
+
+def getcursor1(pageNum):
+    cn =1
+    has_next_key = False
+    next = ""
+    params2 = {'cursor':request(),'q':query,'per_page':27,'virtual_hosts':'EXCLUDE'}
+    res2 = requests.post(Url+'/hosts/search',json=params2,auth=(api,secret))
+    payload2 = res2.json()
+    if payload2['code'] ==200:
+        result = payload2["result"]['hits']
+        for reader in result:
+            ip =reader['ip']
+            services = reader['services']
+            for port in services:
+                if port['service_name'] == "HTTP":
+                    print('%s:%s'%(ip,port['port']))
+                    getIps('%s:%s'%(ip,port['port']))
+        if 'next' in payload2['result']['links']:
+            has_next_key = True
+            next=payload2['result']['links']['next']
+
+
+        else:
+            CheckError(payload2['code'])
+            
+    while has_next_key and cn !=pageNum :
+        
+        
+        params3 = {'cursor':next,'q':query,'per_page':25,'virtual_hosts':'EXCLUDE'}
+
+        req =requests.post(Url+'/hosts/search',json=params3,auth=(api,secret))
+        payload3 = req.json()
+        CheckError(payload3['code'])
+        result2 = payload3["result"]['hits']
+        for reader2 in result2:
+            ip =reader2['ip']
+            services = reader2['services']
+            for port in services:
+                if port['service_name'] == "HTTP":
+                    print('%s:%s'%(ip,port['port']))
+                    getIps('%s:%s'%(ip,port['port']))
+        if 'next' in payload3['result']['links']:
+            next=payload3['result']['links']['next']
+            cn +=1
+        if cn ==pageNum:
+            LastActivity(cn,next)
+        if payload3['result']['links']['next'] == '':
+            print('The next page does not exist')
+            LastActivity(cn,next,'Y')
+            exit()
+            
+
+def getcursor2(LastPage,cursor,numbberOfpages):
+    cn =LastPage
+    flag= cn +numbberOfpages
+    has_next_key = False
+    next = ""
+    params2 = {'cursor':cursor,'q':query,'per_page':25,'virtual_hosts':'EXCLUDE'}
+    res2 = requests.post(Url+'/hosts/search',json=params2,auth=(api,secret))
+    payload2 = res2.json()
+    if payload2['code'] ==200:
+        result = payload2["result"]['hits']
+        for reader in result:
+            ip =reader['ip']
+            services = reader['services']
+            for port in services:
+                if port['service_name'] == "HTTP":
+                    print('%s:%s'%(ip,port['port']))
+                    getIps('%s:%s'%(ip,port['port']))
+        if 'next' in payload2['result']['links']:
+            has_next_key = True
+            next=payload2['result']['links']['next']
+
+            
+        else:
+            CheckError(payload2['code'])
+            
+    while has_next_key and cn !=flag :        
+        params3 = {'cursor':next,'q':query,'per_page':25,'virtual_hosts':'EXCLUDE'}
+
+        req =requests.post(Url+'/hosts/search',json=params3,auth=(api,secret))
+        payload3 = req.json()
+        CheckError(payload3['code'])
+        result2 = payload3["result"]['hits']
+        for reader2 in result2:
+            ip =reader2['ip']
+            services = reader2['services']
+            for port in services:
+                if port['service_name'] == "HTTP":
+                    print('%s:%s'%(ip,port['port']))
+                    getIps('%s:%s'%(ip,port['port']))
+        if 'next' in payload3['result']['links']:
+            next=payload3['result']['links']['next']
+            cn +=1
+        if cn ==flag:
+            LastActivity(cn,next)
+        if payload3['result']['links']['next'] == '':
+            print('The next page does not exist')
+            LastActivity(cn,next,'Y')
+            exit()
+
+
+def CheckError(Code):
+    if Code==400:
+        print('[!] Invalid search. Your query could not be parsed')
+    elif Code==401:
+        print('[!] You must authenticate with a valid API ID and secret.')
+    elif Code==403:
+        print('[!] Access was denied for this resource or feature.')
+    elif Code==422:
+        print('[!] Invalid cursor')
+    elif Code==403:
+        print('[!] Access was denied for this resource or feature.')
+    elif Code==429:
+        print('[!] You have used your full quota for this billing period')
+
+
+def run():
+    checker= CheckInfo()
+    if checker ==None:
+        getcursor1(PageNm)
+        print('[+] Check Hosts.txt')
+    elif checker != None:
+        getcursor2(checker[0],checker[1],PageNm)
+        print('[+] Check Hosts.txt')
+        

cenquest.py

@@ -0,0 +1,4 @@
+[Censys Api Config]
+
+api=
+secret=

censys.py

@@ -0,0 +1,11 @@
+import configparser
+
+def config():
+
+    config= configparser.ConfigParser()
+    config.read('config.ini')
+    if config['Censys Api Config']['api'] =='' or config['Censys Api Config']['secret'] == '':
+        print("[!] Enter your Api and Secret In Config.ini")
+        exit()
+    else:
+        return config['Censys Api Config']['api'] , config['Censys Api Config']['secret']