.png)
SDomDiscover a easy-to-use python tool to perform dns recon, subdomain enumeration and much more
The purpouse of this tool is helping bug haunters and pentesters during reconnaissance
If you want to know more about the tool you can read my own post in my blog (written in spanish)
Installation
It can be used in any system with python3
You can easily install AORT using pip:
pip3 install aort
If you want to install it from source:
git clone https://github.com/D3Ext/AORT
cd AORT
pip3 install -r requirements.txt
One-liner
git clone https://github.com/D3Ext/AORT && cd AORT && pip3 install -r requirements.txt && python3 AORT.py
Usage
Common usages
If installed with pip3:
aort
To see the help panel and other parameters
python3 AORT.py -h
Main usage of the tool to dump the valid domains in the SSL certificate
python3 AORT.py -d example.com
Used to perform all the queries and recognizement
python3 AORT.py -d domain.com –all
Features
- Enumerate subdomains using passive techniques
- A lot of extra queries to enumerate the DNS
- Domain Zone trasnfer attack
- WAF type detection
- Subdomain Takeover checker
- Wayback machine support to enumerate endpoints
- Email harvesting
Third part
The tool uses different services to get subdomains in different ways
The WAF detector was modified and addapted from CRLFSuite concept
All DNS queries are scripted in python at 100%
Email harvesting using Proxycrawl API with personal token (you can register a free account with 100 uses)
.png&description=SDomDiscover a easy-to-use python tool to perform dns recon, subdomain enumeration and much more. This tool is to help bug haunters.){kind=link}