Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way.
Features
Also Read – 4CAN : Open Source Security Tool to Find Security Vulnerabilities in Modern Cars
Sudomy is using cURL library in order to get the HTTP Response Body from third-party sites to then execute the regular expression to get subdomains. This process fully leverages multi processors, more subdomains will be collected with less time consumption.
The following are the results of passive enumeration DNS testing of Sublist3r, Subfinder, and Sudomy. The domain that is used in this comparison is bugcrowd.com.
Installation
Sudomy is currently extended with the following tools. Instructions on how to install & use the application are linked below.
Tools | License | Info |
---|---|---|
Gobuster | Apache License 2.0 | not mandatory |
httprobe | Tom Hudson – | mandatory |
nmap | GNU General Public License v2.0 | not mandatory |
$ pip install -r requirements.txt
Sudomy requires jq to run and pars. For more information, Download and install jq here
# Linux
apt-get install jq nmap phantomjs
# Mac
brew cask install phantomjs
brew install jq nmap
If you have a Go environment ready to go, it’s as easy as:
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
go get -u github.com/tomnomnom/httprobe
go get -u github.com/OJ/gobuster
Download Sudomy From Github
# Clone this repository
git clone –recursive https://github.com/screetsec/Sudomy.git
# Go into the repository
sudomy –help
#Pull an image from DockerHub
docker pull screetsec/sudomy:v1.1.0
#Run an image, you can run the image on custom directory but you must copy/download config sudomy.api on current directory
docker run -v “${PWD}/output:/usr/lib/sudomy/output” -v “${PWD}/sudomy.api:/usr/lib/sudomy/sudomy.api” -it –rm screetsec/sudomy:v1.1.0 [argument]
API Key is needed before querying on third-party sites, such as Shodan, Censys, SecurityTrails, Virustotal,
and BinaryEdge
.
# Shodan
# URL : http://developer.shodan.io
# Example :
# – SHODAN_API=”VGhpc1M0bXBsZWwKVGhmcGxlbAo”
SHODAN_API=””
# Censys
# URL : https://censys.io/register
CENSYS_API=””
CENSYS_SECRET=””
# Virustotal
# URL : https://www.virustotal.com/gui/
VIRUSTOTAL=””
# Binaryedge
# URL : https://app.binaryedge.io/login
BINARYEDGE=””
# SecurityTrails
# URL : https://securitytrails.com/
SECURITY_TRAILS=””
Usage
Sud⍥my – Fast Subdmain Enumeration and Analyzer
http://github.com/screetsec/sudomy
Usage: sud⍥my.sh [-h [–help]] [-s[–source]][-d[–domain=]]
Example: sud⍥my.sh -d example.com
sud⍥my.sh -s Shodan,VirusTotal -d example.com
sud⍥my.sh -pS -rS -sC -nT -sS -d example.com
Optional Arguments:
-a, –all Running all Enumeration, no nmap & gobuster
-b, –bruteforce Bruteforce Subdomain Using Gobuster (Wordlist: ALL Top SecList DNS)
-d, –domain domain of the website to scan
-h, –help show this help message
-o, –html Make report output into HTML
-s, –source Use source for Enumerate Subdomain
-tO, –takeover Subdomain TakeOver Vulnerabilty Scanner
-pS, –ping-sweep Check live host using methode Ping Sweep
-rS, –resolver Convert domain lists to resolved IP lists without duplicates
-sC, –status-code Get status codes, response from domain list
-nT, –nmap-top Port scanning with top-ports using nmap from domain list
-sS, –screenshot Screenshots a list of website
-nP, –no-passive Do not perform passive subdomain enumeration
–no-probe Do not perform httprobe
To use all 16 Sources and Probe for working http or https servers:
$ sudomy -d hackerone.com
To use one of more source:
$ sudomy -s shodan,dnsdumpster,webarchive -d hackerone.com
To use one or more plugins:
$ sudomy -pS -sC -sS -d hackerone.com
To use all plugins: testing host status, http/https status code, subdomain takeover and screenshots
$ sudomy –all -d hackerone.com
To create report in HTML Format
$ sudomy –all -d hackerone.com –html
HTML Report Sample:
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…
A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…
LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…