An automation tool for domains & subdomains gathering. (This tool reached its end of life right now)

Very effective for bug hunting

Subdomainer is an automation tool for domains & subdomains gatherin wheather for single target or multiple targets. Subdomainer uses multiple tools for doing the subdomains & domians gathering job in a perfect way, it can take a domains / targets list and doing the whole operation on them and after finshing the job it save the result in a comprehandable & ordered way.

After the subdomainer finishes gathering subdomains & domains it filters them from the repeated subdomains & domains then filters the only live subdomains. It also use multiple methods to gather subdomains like: gathering subdomains through github searching [requires github token] also from enumerating wordlist based and other effective techniques.

This tool made & developed to work in Debian based Linux systems & have been tested on:

• Kali Linux

And it should work in other security distributions like:

• ParrotOS
• BackBox

• Sublist3r

• Amass

  • Enum
    • Passive Mode
  • Intel
    • Whois Mode

• Github-Search

  • Gathering Subdomains Through Github Searching

• Knockpy

  • Deep mode
    • Gather much domains & subdomains through DNS, HTTP & HTTPS requests
  • Fast mode
    • Gather much domains & subdomains through DNS requests only

• subfinder

• gobuster

  • enumerating subdomains through wordlist

• Unuique result filtering.
• Unique & live result filtering:
  • httpx

1- Simply change the installation script permession to executable mode then run it:

chmod +x install.sh && ./install.sh

NOTE: If you face any problems while installing please read the install script source code,
i've attached further installtion instructions in the install script source for those who face problems while installing

-t: This option is to set the target which [single domains] to gather it's subdomains

-l: This option is to specify a domains list to gather their subdomains [in the list every domain in a single line] such as:

example.com
domains.com
target.com

-d This option refers to the deep mode in knockpy tool, so to activate the deep scanning mode just use it like -d true

-f This option refers to the fast mode in knockpy ttol, so to activate the fast scanning mode just use it like -f true

-w This option is to set a wordlist for the gobuster tool, just use it like -w <wordlist_path>

-g This option is to set a github token for github subdomain gathering mode, use it like -g <github_token>

-i This option is to ignore directory splitting while scanning a whole list, for example if the list consists of:

example.com
domains.com
target.com

If you do not add the -i option, the tool will make each target result in a single directory like:

example.com/

domains.com/

target.com/

But if you add the -i option, all the result will be saved in a single directory like:

result/

-h To display the help menue of the tool

  _________    ___.        .___                    .__                     
 /   _____/__ _\_ |__    __| _/____   _____ _____  |__| ____   ___________ 
 \_____  \|  |  \ __ \  / __ |/  _ \ /     \\__  \ |  |/    \_/ __ \_  __ \
 /        \  |  / \_\ \/ /_/ (  <_> )  Y Y  \/ __ \|  |   |  \  ___/|  | \/
/_______  /____/|___  /\____ |\____/|__|_|  (____  /__|___|  /\___  >__|   
        \/          \/      \/            \/     \/        \/     \/       

		   🗲  Automated Subdomain Gathering Tool 🗲
			  Developed By Momen Ali
			      The Cyber Guy



[usage]:

-h ==> Help Menue
-t ==> Target Domain
-l ==> Domains List
-w ==> Wordlist
-d ==> Knockpy Deep Mode
-f ==> Knockpy Fast Mode
-g ==> Github Token
-i ==> Ignore Directory Splitting


[Explaination]:

[+] -h : It Show The Help Menue For You Such As: Syntax, Examples, Switches
[+] -t : To Use A Single Target Domain To Gather Subdomains On It { Put The Domain Without http Or https }
[+] -l : To Use A Multible Domains Listed In Text File {  Put Every Domain In A Single Line Without http Or https }
[+] -w : To Use A Wordlist For The Tools That Support Enumeration List Based { Optionally }
[+] -d : To Use Knockpy In Deep Mode | Switch Usage -> -d true or -d True
[+] -f : To Use Knockpy In Fast Mode | Switch Usage -> -f true or -f True
[+] -g : Set Github Token For Gathering Subdomains From Github { Optionally }
[+] -i : Ignore directory splitting for every domain in list { Only effective while using a list } | Switch usage -> -i true or -i True


[Exampels]:

=================================================
               Single Domains Based
=================================================

./subdomainer -t domain.com -f true -g 55aa66bb4aa8mm9mmss334422-weqas -w /usr/share/wordlist/dirbuster/directories.jbrofuzz

./subdomainer -t domains.com -d true -g 55aa66bb4aa8mm9mmss334422-weqas -w /usr/share/wordlist/dirbuster/directories.jbrofuzz


=================================================
               Domains List Based
=================================================

./subdomainer -l domains.txt -d true -g 55aa66bb4aa8mm9mmss334422-weqas -w /usr/share/wordlist/dirbuster/directories.jbrofuzz -i

./subdomainer -l domains.txt -f true -g 55aa66bb4aa8mm9mmss334422-weqas -w /usr/share/wordlist/dirbuster/directories.jbrofuzz