Subdomains.Sh : A Wrapper Around Tools I Use For Subdomain Enumeration On A Given Domain

Subdomains.Sh is a wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.

The Workflow

Installation

Run the installation script:

curl -s https://raw.githubusercontent.com/enenumxela/subdomains.sh/main/install.sh | bash –

Or run in an ephemeral Docker container:

Clone the repository and run

cd subdomains.sh
Build the container image
./docker-subdomains.sh build
After build, you can run the script with the same options listed above.
Each run will run in a new container, and the container is destroyed after run
./docker-sudomains.sh -d example.com -r 1.1.1.1
To destroy the container image if desired
./docker-subdomains.sh destroy

Usage

To display this script’s help message, use the -h flag:

subdomains.sh -h

_ _ | | | | _ _ ()_ _ | |
/ | | | | ‘_ \ / |/ _ | '_ \ / ` | | ‘ \/ | / | ‘_ \ __ \ || | |) | (| | () | | | | | | (| | | | | _ _ \ | | | |/__,|./ __,|__/|| || ||_,||| ||()/| |_| v1.0.0
USAGE:
subdomains.sh [OPTIONS]
OPTIONS:
-d, –domain domain to discover subdomains for *
-r, –resolvers list of DNS resolvers containing file *
–use-passive-source comma(,) separated passive tools to use
–exclude-passive-source comma(,) separated passive tools to exclude
–skip-semi-active skip discovery from semi active techniques
–skip-dictionary skip discovery from dictionary DNS brute forcing
-dW, –dictionary-wordlist wordlist for dictionary DNS brute forcing
–skip-permutation skip discovery from permutation DNS brute forcing
-pW, –permutation-wordlist wordlist for permutation DNS brute forcing
–skip-dns-records skip discovery from DNS records
–skip-reverse-dns skip discovery from reverse DNS lookup
–skip-active skip discovery from active techniques
-o, –output output text file
–setup install/update this script & dependencies
-h, –help display this help message and exit
NOTE: options marked with asterik(*) are required.
HAPPY HACKING 🙂