SDomDiscover : A Easy-To-Use Python Tool To Perform DNS Recon

SDomDiscover a easy-to-use python tool to perform dns recon, subdomain enumeration and much more

The purpouse of this tool is helping bug haunters and pentesters during reconnaissance

If you want to know more about the tool you can read my own post in my blog (written in spanish)

Installation

It can be used in any system with python3

You can easily install AORT using pip:

pip3 install aort

If you want to install it from source:

git clone https://github.com/D3Ext/AORT
cd AORT
pip3 install -r requirements.txt

One-liner

git clone https://github.com/D3Ext/AORT && cd AORT && pip3 install -r requirements.txt && python3 AORT.py

Usage

Common usages

If installed with pip3:

aort

To see the help panel and other parameters

python3 AORT.py -h

Main usage of the tool to dump the valid domains in the SSL certificate

python3 AORT.py -d example.com

Used to perform all the queries and recognizement

python3 AORT.py -d domain.com –all

Features

•  Enumerate subdomains using passive techniques

• A lot of extra queries to enumerate the DNS

•  Domain Zone trasnfer attack

•  WAF type detection

•  Subdomain Takeover checker

•  Wayback machine support to enumerate endpoints

•  Email harvesting

Third part

The tool uses different services to get subdomains in different ways

The WAF detector was modified and addapted from CRLFSuite concept

All DNS queries are scripted in python at 100%

Email harvesting using Proxycrawl API with personal token (you can register a free account with 100 uses)