Spyse : Python API Wrapper & Command-Line Client For The Tools Hosted On Spyse.com

Spyse is a developer of complete DAAS (Data-As-A-Service) solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business analysts. All Spyse online solutions are represented by thematic services that have a single platform for collecting, processing and aggregating information.

Supports the following APIs:

Python API wrapper and command-line client for the tools hosted on spyse.com.

Also Read – PivotSuite : Network Pivoting Toolkit To Hack The Hidden Network

Installation

pip3 install spyse.py

Using the client

Required Arguments

  • -target
  • -param

Optional Arguments

  • -page
  • -apikey
  • --raw

What is the param argument?

It allows you to search their database for IPs, IP ranges, domain names, URLs, etc. The parameter argument is meant to specify the type of your input.

List of parameters

  • cidr
  • domain
  • ip
  • page
  • url
  • hash
  • q

Using search queries

Much like Shodan, it allows you to use search queries. To do this, you must supply the “q” parameter. From there, it’s as simple as supplying “org: Microsoft” as the target.

spyse -target “org: Microsoft” -param q –ssl-certificates

Searching for subdomains

spyse -target xbox.com -param domain –subdomains

Reverse IP Lookup

spyse -target 52.14.144.171 -param ip –domains-on-ip

Searching for SSL certificates

spyse -target hotmail.com -param domain –ssl-certificates

spyse -target “org: Microsoft” -param q –ssl-certificates

Getting all DNS records

spyse -target xbox.com -param domain –dns-all

Navigating multiple pages using your API key

export SPYSEKEY=”yourkeyhere”
spyse -target xbox.com -param domain -apikey $SPYSEKEY -page 2 —ssl-certificates

Piping to jq and aquatone

Initially when I decided to write this client I really wanted it to focus on flexibility within the command-line, which is why there is the --raw option. From there you can work with the raw JSON returned by the API.

spyse -target hackerone.com -param domain –dns-soa –raw | jq

spyse -target hackerone.com -param domain –subdomains –raw | aquatone

Using the library

Without API Key

from spyse import spyse

s = spyse()
subdomains = s.subdomains(“xbox.com”, param=”domain”)

With API Key

from spyse import spyse

#Using the API key allows us to go through multiple pages of results
s = spyse(‘API_TOKEN_GOES_HERE’)
subdomains = s.subdomains_aggregate(“xbox.com”, param=”domain”, page=2)

Search using CIDR

from spyse import spyse

s = spyse()
results = s.domains_on_ip(“172.217.1.0/24″, param=”cidr”)

Work with an existing file

from spyse import spyse

s = spyse()
results = []

with open(“domains.txt”) as d:
for line in d:
# default value for param=”domain”, so we don’t
# need to specify here
r = s.subdomains_aggregate(line)
results.append(r)
print(results)

R K

Recent Posts

Bash Arrays Explained Simply: Beginner’s Guide with Examples

If you’re learning Bash scripting, one of the most useful features you’ll come across is…

50 minutes ago

Bash For Loop Examples Explained Simply for Beginners

If you are new to Bash scripting or Linux shell scripting, one of the most…

11 hours ago

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

2 days ago

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

5 days ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

5 days ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

6 days ago