Info
This post was originally published on my previous blog (poc-server.com/blog) and has been migrated to my current platform for archival purposes. Be advised that due to software transitions and evolving best practices, the formatting and content may not align perfectly with my newer posts.

ICU

ICU is a tool that keeps a constantly updated database of all your assets. It stores the program linked to the domain, the domain status, whether the (sub)domain is in scope, and more…

Why?

I use this tool a lot, to monitor programs for new domains. When there is a new online subdomain found, it will send me an alert and I can quickly check out the subdomain before others do. I personally find this very useful since it replaces the process of manually scanning a domain multiple times with subdomain scanners. Now you can just add the domain, and fire up a scan for the domain. Next, you check the results in the simple web application and you’re done. No need for keeping stuff in folders and going through each file separately. For this reason, I created ICU: for the simplicity of managing domains.

How does it work?

ICU works by creating a cron task that periodically runs a script, which collects subdomains from various subdomain scanners, including Sublist3r, Amass and Subfinder. (You can add new subdomain scanners relatively easily by adding a new line to the domains_db.py file.) Next, the domains are saved to text files in the ‘tmp’ folder, then combined and made unique. After all the scanners have finished, it loops through the combined file and adds or updates each subdomain with the corresponding information, such as the BBP, the status and the link to the primary domain.
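The merge-and-update step described above, sketched as an added example (this is not ICU's own code). The function names, the table layout and the use of sqlite3 in place of MySQL are assumptions made so the block runs stand-alone, the scanner files are constructed sample data, and the online-status check is left out.

```python
import sqlite3
import tempfile
from pathlib import Path

def normalize(line, root):
    """Return a cleaned hostname under `root`, or None for junk lines."""
    host = line.strip().lower().rstrip(".")
    if host.startswith("*."):            # wildcard entries name no concrete host
        host = host[2:]
    if host == root or not host.endswith("." + root):
        return None                      # blank, the root itself, or outside the domain
    return host

def merge_scanner_output(tmp_dir, root):
    """Combine every scanner's text file into one sorted, unique list."""
    hosts = set()
    for path in Path(tmp_dir).glob("*.txt"):
        for line in path.read_text().splitlines():
            host = normalize(line, root)
            if host:
                hosts.add(host)
    return sorted(hosts)

def upsert(db, hosts, root, program):
    """Insert unseen subdomains, refresh known ones; return the new hosts."""
    db.execute("CREATE TABLE IF NOT EXISTS subdomains (host TEXT PRIMARY KEY,"
               " root TEXT, program TEXT, last_seen TEXT)")  # hypothetical schema
    new = []
    for host in hosts:
        known = db.execute("SELECT 1 FROM subdomains WHERE host = ?", (host,)).fetchone()
        if known:
            db.execute("UPDATE subdomains SET last_seen = datetime('now') WHERE host = ?", (host,))
        else:
            db.execute("INSERT INTO subdomains VALUES (?, ?, ?, datetime('now'))",
                       (host, root, program))
            new.append(host)
    db.commit()
    return new

def demo():
    """Constructed scanner files, processed twice against an in-memory database."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sublist3r.txt").write_text("www.example.com\nAPI.example.com.\n")
        Path(tmp, "amass.txt").write_text("api.example.com\n*.dev.example.com\nevil.com\n\n")
        db = sqlite3.connect(":memory:")
        merged = merge_scanner_output(tmp, "example.com")
        first = upsert(db, merged, "example.com", "Example BBP")
        Path(tmp, "subfinder.txt").write_text("vpn.example.com\n")
        second = upsert(db, merge_scanner_output(tmp, "example.com"), "example.com", "Example BBP")
        return merged, first, second
```

Only the hosts returned by the second call would go into a notification, since everything else was already in the table.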


Telegram

ICU includes a Telegram notification system and bot. When a scan is finished, it sends a notification with the number of new online subdomains found. With the main.py CLI script, you can view which domains those are and manage them.

To use the Telegram part of ICU, you will need to create a Telegram bot or add your existing Telegram bot token in ‘credentials.py’. The next step is to run the ‘setup.py’ script to finish the Telegram setup. This script will ask you to send ‘/start’ to the bot. When you send the start command, the script will register and save the ‘chat_id’, so it can be used for authentication and for the notification script. The notification script does not need to run constantly. The bot, however, does. If you want to use the bot, you will need to run it on your server. You can easily do this by running the following command: “python telegram/bot.py &”.

Features

  • Logs errors, and saves them to the database
  • Logs which domains were found with which scans
  • Saves a unique list of all your domains, together with their subdomains
  • Saves the BBP or another reference with the domain
  • Has an initialize script to create the database with the tables
  • Has a database test script to check if the database and tables have been created successfully
  • Has a web interface where you can quickly find all your domains and subdomains, and where you can search through them as well
  • Has a CLI script where you can manage your assets and scans
  • And a lot more…

Installation

Run the following commands to install ICU:

git clone https://github.com/003random/ICU
cd ICU
./install.sh

The installation script asks for various things, including your MySQL database username and password. These will be saved in credentials.py. You can always change these credentials later on. You might need to install some modules if the script throws an error like “ImportError: No module named MySQLdb”.

Help

I hope you find this useful. If you do, make sure to star the repo so I can see you like it. 😉 If you need any help with the installation (after you have, of course, tried to fix it yourself), you can hit me up in the BugBountyWorld and the BugBountyForum Slack channels. You can also send me a DM on Twitter if you are in neither of those channels. Feedback is always welcome. The same goes for pull requests on GitHub, to make this project even better 🙂

GitHub

https://github.com/003random/ICU