ShoLister is a tool that collects all available subdomains for specific hostname or organization from Shodan. The tool is designed to be used from Penetration Tester and Bug Bounty Hunters.
- Shodan paid account.
- Python3
pip install shodan
pip install termcolor
shodan init YOUR_API_KEY
-> You have 2 python scripts, the first one will search for your scope subdomains using 2 filters hostname and Ssl.cert.subject.CN The second script will search using filter org
sholister_hostname.py
> scope_domains.txt example:
yahoo.com
uber.com
twitter.com
> Run:
python3 sholister_hostname.py scope_domains.txt
sholister_org.py
> scope_organizations.txt example:
Google LLC
Uber Technologies LLC
Twitter
> Run:
python3 sholister_org.py scope_organizations.txt
- ShoLister based on Shodan Library so they're using the same gateway to get the results.
- Filter the results to avoid ISP false positive domains.
- You can pass a file with multiple hosts or organizations names to make it more easier to get the results.
- ShoLister provide the results as a separate file for each hostname or organization.