Skip to content

Fix hostmap-crtsh script to correctly parse CT logs and return subdomains #3239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Sweekar-cmd wants to merge 11 commits into from
Closed

Fix hostmap-crtsh script to correctly parse CT logs and return subdomains #3239

Sweekar-cmd wants to merge 11 commits into from

Conversation

@Sweekar-cmd
Copy link

@Sweekar-cmd Sweekar-cmd commented Dec 1, 2025

This PR fixes issue #2183.
● Correctly parses JSON returned by crt.sh
● Removes false positives
● Adds strict/non-strict mode
● Ensures only valid subdomains are returned
● Adds my improvements from hostmap script

nnposter
nnposter requested changes Dec 7, 2025
View reviewed changes
Copy link

@nnposter nnposter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is definitely a good first cut, but it would benefit from a few changes. Please see the individual comments for details.

@Sweekar-cmd
Copy link
Author

Sweekar-cmd commented Dec 8, 2025

@nnposter Thank you for the detailed review!I've tried to incorporate all your feedback:

  1. Parameter renamed: strictlax (inverted logic as suggested)
  2. Author format: Changed to proper table/list format
  3. Subdomain checking: Replaced regex with string comparison to avoid escaping issues
  4. Parameter handling: Now accepts true, "true", and "1" as truthy values
  5. Documentation: Cleaned while preserving original examples and @output section
  6. Default behavior: Strict mode (true subdomains only) when lax unset
  7. Optional behavior: lax=true enables broader hostname matching
    The script now correctly filters out false positives like google.com.gr when querying google.com, while maintaining backward compatibility via the lax parameter.
    All requested changes have been addressed. Please let me know if anything else is needed.

nnposter
nnposter requested changes Dec 10, 2025
View reviewed changes
@Sweekar-cmd
Copy link
Author

Sweekar-cmd commented Dec 10, 2025

Hi @nnposter,
I’ve pushed the latest updates:

  • Implemented all requested changes from your review
  • lax retrieval and lax_mode calculation moved into action()
  • lax_mode passed into query_ctlogs()
  • Deduplication preserved (not hostnames[name])
  • Precomputed suffix is used for faster subdomain checks
  • Removed unnecessary variable duplication
  • Cleaned and simplified strict/lax logic as suggested

Restored the TODO block that I accidentally removed earlier

Everything should now match your review requirements.
Please let me know if anything else needs adjustment — happy to fix it!

Thanks again for the guidance.

@nnposter nnposter linked an issue Dec 10, 2025 that may be closed by this pull request
Script hostmap-crtsh does not return just subdomains #2183
Closed
@nmap-bot nmap-bot closed this in 4d7ed41 Dec 10, 2025
@nnposter
Copy link

nnposter commented Dec 10, 2025

I have committed this PR with some minor tweaks as r39310 and credited you in CHANGELOG. Thank you for contributing to Nmap!

@Sweekar-cmd
Copy link
Author

Sweekar-cmd commented Dec 10, 2025

@nnposter I can't thank you enough! This was my first time contributing to such a major project, and your detailed feedback made it an incredible learning experience. Seeing my code merged into Nmap feels amazing .Thank you very much for the opportunity and for being such a supportive reviewer. I really appreciate it! 🙏

@nnposter nnposter self-assigned this Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nnposter nnposter nnposter requested changes

Assignees

@nnposter nnposter

Labels

enhancement NSE script NSE script

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Script hostmap-crtsh does not return just subdomains

2 participants

@Sweekar-cmd @nnposter