Dome is a fast and reliable Python script that performs active and/or passive scans to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentesters in their reconnaissance phase. The more surface area exposed, the faster a rock will break down. If you want to use more OSINT …
Tag Archives: Subdomains
Tko-Subs : A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records
Tko-Subs allows you to check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, GitHub, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over; a dangling CNAME pointing to a non-existent domain name; one or more wrong/typoed NS records pointing to a nameserver that …
AnalyticsRelationships : Get Related Domains / Subdomains By Looking At Google Analytics IDs
AnalyticsRelationships is a tool to get related domains / subdomains by looking at Google Analytics IDs. This script tries to get related domains / subdomains by looking at Google Analytics IDs from a URL. It first searches for the Google Analytics ID in the webpage and then queries builtwith and hackertarget with the ID. Note: It does not work …
Subcert : Finds All The Subdomains From Certificate Transparency Logs
Subcert is a subdomain enumeration tool that finds all the valid subdomains from certificate transparency logs.
Setup
Step 1: Install Python 3
apt-get install python3-pip
Step 2: Clone the Repository
git clone https://github.com/A3h1nt/Subcert.git
Step 3: Install Dependencies
pip3 install -r requirements.txt
Step 4: Move the Directory to /opt
mv subcert /opt/
Step 5: Add an …
FProbe : Domains/Subdomains & Probe For Working Http/Https Server
FProbe is a tool that takes a list of domains/subdomains and probes for working HTTP/HTTPS servers.
Installation:
GO111MODULE=on go get -u github.com/theblackturtle/fprobe
Features: Take a list of domains/subdomains and probe for working http/https server. Optimize RAM and CPU in runtime. Support special ports for each domain. Verbose in JSON format with some additional headers, such as …
ShuffleDNS : Wrapper Around Massdns Written In Go To Enumerate Valid Subdomains Using Active Bruteforce
ShuffleDNS is a wrapper around massdns written in Go that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support. Features: Simple and modular code base making it easy to contribute. Fast and simple active subdomain scanning. Handles wildcard subdomains in a smart manner. …
SubDomain3: A New Generation Tool For Discovering Subdomains
Subdomain3 is a new generation of tool. It helps penetration testers to discover more information in a shorter time than other tools. The information includes subdomains, IP, CDN, and so on. Please enjoy it. Features: More quick: Three patterns for speed. Users can modify the configuration file (lib/config.py) to speed up. CDN support: Determines whether the subdomain …
Dr_Robot : Tool Used To Enumerate The Subdomains Associated With A Company
Dr_Robot is a tool for Domain Reconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating systems, and different languages, Dr. ROBOT is built to be highly portable and configurable. Use Case: Gather as many public-facing servers as a target organization possesses. Querying DNS resources enables us to …
Findomain : A Cross-Platform Tool That Uses Certificate Transparency Logs To Find Subdomains
Findomain is a cross-platform tool that uses Certificate Transparency logs to find subdomains. We currently support Linux, Windows and MacOS. All supported platforms are 64 bits. How does it work? This tool doesn’t use the common methods for (sub)domain discovery; it uses Certificate Transparency logs to find subdomains, and this method makes the tool very …
TakeOver : Takeover Script Extracts CNAME Record Of All Subdomains At Once
Subdomain takeover is a class of vulnerability where a subdomain points to an external service that has been deleted. Such external services include GitHub, Heroku, GitLab, Tumblr and so on. Let’s assume we have a subdomain sub.example.com that points to an external service such as GitHub. If the GitHub page is removed by its owner and …