Improve GO Version

Python/analyticsrelationships.py

@@ -88,7 +88,7 @@ def get_domains_from_hackertarget(id):
     url = f"https://api.hackertarget.com/analyticslookup/?q={id}"
     try:
         response = requests.get(url)
-        if response.status_code == 200:
+        if response.status_code == 200 and "API count exceeded" not in response.text: 
             return response.text.split("\n")
     except:
         pass

README.md

@@ -1,33 +1,29 @@
-![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg?style=flat-square&logo=python)
-[![Go version](https://img.shields.io/badge/go-v1.16-blue)](https://golang.org/dl/#stable)
-![License](https://img.shields.io/badge/license-GNU-green.svg?style=flat-square&logo=gnu)
-
-
-# DomainRelationShips
-
-```
-██╗   ██╗ █████╗       ██╗██████╗                        
-██║   ██║██╔══██╗      ██║██╔══██╗                       
-██║   ██║███████║█████╗██║██║  ██║                       
-██║   ██║██╔══██║╚════╝██║██║  ██║                       
-╚██████╔╝██║  ██║      ██║██████╔╝                       
- ╚═════╝ ╚═╝  ╚═╝      ╚═╝╚═════╝                        
-                                                         
-██████╗  ██████╗ ███╗   ███╗ █████╗ ██╗███╗   ██╗███████╗
-██╔══██╗██╔═══██╗████╗ ████║██╔══██╗██║████╗  ██║██╔════╝
-██║  ██║██║   ██║██╔████╔██║███████║██║██╔██╗ ██║███████╗
-██║  ██║██║   ██║██║╚██╔╝██║██╔══██║██║██║╚██╗██║╚════██║
-██████╔╝╚██████╔╝██║ ╚═╝ ██║██║  ██║██║██║ ╚████║███████║
-╚═════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝╚═╝  ╚═══╝╚══════╝
-
-> Get related domains / subdomains by looking at Google Analytics IDs
-> Python/GO versions
-> By @JosueEncinar
-```
-
-This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Google Analytics in the webpage and then request to **builtwith** and **hackertarget** with the ID.
-
-**Note**: It does not work with all websites.It is searched by the following expressions: 
+<h1 align="center">
+  <b>AnalyticsRelationships</b>
+  <br>
+</h1>
+<p align="center">
+  <a href="https://golang.org/dl/#stable">
+    <img src="https://img.shields.io/badge/go-1.16-blue.svg?style=flat-square&logo=go">
+  </a>
+  <a href="https://www.python.org/">
+    <img src="https://img.shields.io/badge/python-3.6+-blue.svg?style=flat-square&logo=go">
+  </a>
+   <a href="https://www.gnu.org/licenses/gpl-3.0.en.html">
+    <img src="https://img.shields.io/badge/license-GNU-green.svg?style=square&logo=gnu">
+   <a href="https://twitter.com/JosueEncinar">
+    <img src="https://img.shields.io/badge/author-@JosueEncinar-orange.svg?style=square&logo=twitter">
+  </a>
+</p>
+
+
+<p align="center">
+This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Google Analytics in the webpage and then request to <b>builtwith</b> and <b>hackertarget</b> with the ID.
+</p>
+<br/>
+<hr/>
+
+**Note**: It does not work with all websites. It is searched by the following expressions: 
 
 ```
 ->  "www\.googletagmanager\.com/ns\.html\?id=[A-Z0-9\-]+"
@@ -38,7 +34,7 @@ This script try to get related domains / subdomains by looking at Google Analyti
 ## Available versions:
 
 * [Python](Python)
-* [GO](GO)
+* [GO](.)
 
 ## Installation:
 
@@ -83,6 +79,7 @@ Or redirect output to a file (banner or information messages are sent to the err
 python3 analyticsrelationships.py -u https://www.example.com > /tmp/example.txt
 ```
 
+
 ### GO
 
 ```
@@ -95,8 +92,22 @@ Or redirect output to a file (banner or information messages are sent to the err
 >  ./analyticsrelationships --url https://www.example.com > /tmp/example.txt
 ```
 
+You can also pass a file as input
+
+```
+>  cat file.txt | ./analyticsrelationships 
+```
+
+Or a single URL
+
+```
+>  echo https://www.example.com | ./analyticsrelationships 
+```
+
 ### Docker
 
+Only Python Version.
+
 ```
 >  docker run -it  analyticsrelationships:latest https://www.example.com
 ```
@@ -126,13 +137,6 @@ Without redirection:
 
 Working with file redirection works just like in Python.
 
-# Author
-
-This project has been developed by:
-
-* **Josué Encinar García** -- [@JosueEncinar](https://twitter.com/JosueEncinar)
-
-
 # Disclaimer!
 
 This is a PoC. The author is not responsible for any illegitimate use.

analyticsrelationships.go

@@ -1,13 +1,16 @@
 package main
 
 import (
+	"bufio"
 	"crypto/tls"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"net/http"
+	"os"
 	"regexp"
 	"strings"
+	"time"
 )
 
 func banner() {
@@ -26,19 +29,21 @@ func banner() {
 ██████╔╝╚██████╔╝██║ ╚═╝ ██║██║  ██║██║██║ ╚████║███████║
 ╚═════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝╚═╝  ╚═══╝╚══════╝
 
-> Get related domains / subdomains by looking at Google Analytics IDs
-> GO Version
-> By @JosueEncinar
-
 `
+	data += "\033[32m> \033[0mGet related domains / subdomains by looking at Google Analytics IDs\n"
+	data += "\033[32m> \033[0mGO Version\n"
+	data += "\033[32m> \033[0mBy @JosueEncinar\n"
+
 	println(data)
 }
 
 func getURLResponse(url string) string {
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 	}
-	client := &http.Client{Transport: tr}
+	client := &http.Client{
+		Transport: tr,
+		Timeout:   time.Second * 3}
 	res, err := client.Get(url)
 	if err != nil {
 		return ""
@@ -51,31 +56,42 @@ func getURLResponse(url string) string {
 	return string(body)
 }
 
-func getGoogleTagManager(targetURL string) string {
-	url := ""
+func getGoogleTagManager(targetURL string) (bool, []string) {
+	var resultTagManager []string
 	response := getURLResponse(targetURL)
 	if response != "" {
 		pattern := regexp.MustCompile("www\\.googletagmanager\\.com/ns\\.html\\?id=[A-Z0-9\\-]+")
 		data := pattern.FindStringSubmatch(response)
 		if len(data) > 0 {
-			url = "https://" + strings.Replace(data[0], "ns.html", "gtm.js", -1)
+			resultTagManager = append(resultTagManager, "https://"+strings.Replace(data[0], "ns.html", "gtm.js", -1))
 		} else {
 			pattern = regexp.MustCompile("GTM-[A-Z0-9]+")
 			data = pattern.FindStringSubmatch(response)
 			if len(data) > 0 {
-				url = "https://www.googletagmanager.com/gtm.js?id=" + data[0]
+				resultTagManager = append(resultTagManager, "https://www.googletagmanager.com/gtm.js?id="+data[0])
+			} else {
+				pattern = regexp.MustCompile("UA-\\d+-\\d+")
+				aux := pattern.FindAllStringSubmatch(response, -1)
+				var result []string
+				for _, r := range aux {
+					result = append(result, r[0])
+				}
+				return true, result
 			}
 		}
 	}
-	return url
+	return false, resultTagManager
 }
 
-func getUA(url string) [][]string {
+func getUA(url string) []string {
 	pattern := regexp.MustCompile("UA-[0-9]+-[0-9]+")
 	response := getURLResponse(url)
-	var result = [][]string{}
+	var result []string
 	if response != "" {
-		result = pattern.FindAllStringSubmatch(response, -1)
+		aux := pattern.FindAllStringSubmatch(response, -1)
+		for _, r := range aux {
+			result = append(result, r[0])
+		}
 	} else {
 		result = nil
 	}
@@ -105,7 +121,7 @@ func getDomainsFromHackerTarget(id string) []string {
 	url := "https://api.hackertarget.com/analyticslookup/?q=" + id
 	response := getURLResponse(url)
 	var allDomains []string = nil
-	if response != "" {
+	if response != "" && !strings.Contains(response, "API count exceeded") {
 		allDomains = strings.Split(response, "\n")
 	}
 	return allDomains
@@ -133,40 +149,59 @@ func contains(data []string, value string) bool {
 	return false
 }
 
-func main() {
-	url := flag.String("url", "", "URL to extract Google Analytics ID")
-	flag.Parse()
-	banner()
-	if *url == "" {
-		println("Usage: ./analyticsrelationships --url https://www.example.com")
-		return
+func showDomains(ua string) {
+	fmt.Println(">> " + ua)
+	allDomains := getDomains(ua)
+	if len(allDomains) == 0 {
+		fmt.Println("|__ NOT FOUND")
 	}
-	if !strings.HasPrefix(*url, "http") {
-		*url = "https://" + *url
+	for _, domain := range allDomains {
+		fmt.Println("|__ " + domain)
 	}
-	println("[+] Analyzing url: " + *url)
-	urlGoogleTagManager := getGoogleTagManager(*url)
-	if urlGoogleTagManager != "" {
-		println("[+] URL with UA: " + urlGoogleTagManager)
-		println("[+] Obtaining information from builtwith and hackertarget\n")
+	fmt.Println("")
+}
+
+func start(url string) {
+	if !strings.HasPrefix(url, "http") {
+		url = "https://" + url
+	}
+	println("[+] Analyzing url: " + url)
+	uaResult, resultTagManager := getGoogleTagManager(url)
+	if len(resultTagManager) > 0 {
 		var visited = []string{}
-		for _, ua := range getUA(urlGoogleTagManager) {
-			baseUA := strings.Join(strings.Split(ua[0], "-")[0:2], "-")
+		var allUAs []string
+		if !uaResult {
+			urlGoogleTagManager := resultTagManager[0]
+			println("[+] URL with UA: " + urlGoogleTagManager)
+			allUAs = getUA(urlGoogleTagManager)
+		} else {
+			println("[+] Found UA directly")
+			allUAs = resultTagManager
+		}
+		println("[+] Obtaining information from builtwith and hackertarget\n")
+		for _, ua := range allUAs {
+			baseUA := strings.Join(strings.Split(ua, "-")[0:2], "-")
 			if !contains(visited, baseUA) {
 				visited = append(visited, baseUA)
-				fmt.Println(">> " + baseUA)
-				allDomains := getDomains(baseUA)
-				if len(allDomains) == 0 {
-					fmt.Println("|__ NOT FOUND")
-				}
-				for _, domain := range allDomains {
-					fmt.Println("|__ " + domain)
-				}
-				fmt.Println("")
+				showDomains(baseUA)
 			}
 		}
 		println("\n[+] Done!")
 	} else {
-		println("[-] Tagmanager URL not fount")
+		println("[-] Tagmanager URL not found")
+	}
+}
+
+func main() {
+	url := flag.String("url", "", "URL to extract Google Analytics ID")
+	flag.Parse()
+	banner()
+	if *url != "" {
+		start(*url)
+	} else {
+		scanner := bufio.NewScanner(os.Stdin)
+		for scanner.Scan() {
+			start(scanner.Text())
+		}
 	}
 }