domained

A domain name enumeration tool

Gist: Some terrible continually updated python code leveraging some awesome tools that I use for bug bounty reconnaissance.

The tools contained in domained require Kali Linux (preferred) or Debian 7+ and Recon-ng.

Domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that is passed to EyeWitness for reporting with categorized screenshots, server response headers and signature-based default credential checking. (Resources are saved to ./bin and output is saved to ./output.)
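The merge step described above, as an added example (not domained's own code): it normalizes raw lines from several tools, drops anything outside the authorized domain, and records which tools reported each host. The function names, the tool keys in SAMPLE and the sample lines are assumptions constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample output keyed by tool name (not real scan results).
SAMPLE = {
    "sublist3r": ["www.example.com", "API.example.com", "mail.example.com."],
    "amass": ["api.example.com", "https://dev.example.com/login",
              "*.cdn.example.com"],
    "knock": ["example.com.evil.test", "notexample.com",
              "bad_host.example.com"],
}


def normalize(line):
    """Reduce a raw output line to a bare lower-case hostname."""
    host = line.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)   # drop URL scheme
    host = host.split("/", 1)[0].split(":", 1)[0]       # drop path and port
    host = host.rstrip(".")                             # drop FQDN root dot
    return host[2:] if host.startswith("*.") else host  # drop wildcard label


def in_scope(host, domain):
    """True for the apex or a syntactically valid name beneath it."""
    # Compare on a label boundary so "notexample.com" and
    # "example.com.evil.test" are rejected.
    if host != domain and not host.endswith("." + domain):
        return False
    return len(host) <= 253 and all(_LABEL.match(p) for p in host.split("."))


def merge(tool_outputs, domain):
    """Return {host: sorted tool names} for every in-scope host."""
    domain = normalize(domain)
    found = {}
    for tool, lines in tool_outputs.items():
        for line in lines:
            host = normalize(line)
            if in_scope(host, domain):
                found.setdefault(host, set()).add(tool)
    return {h: sorted(t) for h, t in sorted(found.items())}


if __name__ == "__main__":
    for host, tools in merge(SAMPLE, "example.com").items():
        print(host, ",".join(tools))
```

Matching on the `"." + domain` boundary rather than a plain suffix is what keeps look-alike names out of the list that reaches the screenshot stage.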

Initial Install:
  • domained tools: python domained.py --install
  • Python required modules: sudo pip install -r ./ext/requirements.txt
Other Dependencies:
  • ldns library for DNS programming: sudo apt-get install libldns-dev -y
  • Go Programming Language: sudo apt-get install golang

NOTE: This is an active recon - only perform on applications that you have permission to test against.

Additional option
  1. Add only amass and subfinder
  2. Add cname and domain takeover tools
  3. SPF records for domain
Tools leveraged:
Subdomain Enumeration Tools:
  1. Sublist3r by Ahmed Aboul-Ela
  2. enumall by Jason Haddix
  3. Knock by Gianni Amato
  4. Subbrute by TheRook
  5. massdns by B. Blechschmidt
  6. Recon-ng by Tim Tomes (LaNMaSteR53)
  7. Amass by Jeff Foley (caffix)
Reporting + Wordlists:
Usage
First Step:
Install Required Python Modules: sudo pip install -r ./ext/requirements.txt
Install Tools: sudo python domained.py --install

Example 1: python domained.py -d example.com
Uses subdomain example.com (Sublist3r, enumall, Knock, Amass)

Example 2: python domained.py -d example.com -b -p --vpn
Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass and enumall), adds ports 8443/8080 and checks if on VPN

Example 3: python domained.py -d example.com -b --bruteall
Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass and enumall)

Example 4: python domained.py -d example.com --quick
Uses subdomain example.com and only Sublist3r (+subbrute)

Example 5: python domained.py -d example.com --quick --notify
Uses subdomain example.com, only Sublist3r (+subbrute) and notification

Example 6: python domained.py -d example.com --noeyewitness
Uses subdomain example.com with no EyeWitness

Note: --bruteall must be used with the -b flag
| Option | Description |
|---|---|
| --install/--upgrade | Both do the same function - install all prerequisite tools (Kali is a prerequisite AFAIK) |
| --vpn | Check if you are on VPN (update with your provider) |
| --quick | Use ONLY Sublist3r's subdomain methods (+ subbrute) |
| --bruteall | Bruteforce with JHaddix All.txt List instead of SecList |
| --fresh | Delete old data from output folder |
| --notify | Send Pushover or Gmail Notifications |
| --active | EyeWitness Active Scan |
| --noeyewitness | No EyeWitness |
| -d | The domain you want to perform recon on |
| -b | Bruteforce with subbrute/massdns and SecList wordlist |
| -s n | Only HTTPS domains |
| -p | Add port 8080 for HTTP and 8443 for HTTPS |
Notifications
  • Complete the ext/notifycfg.ini for Pushover or Gmail notifications. (Enable must be set to True)
  • Please see the Pushover API info here and instructions on how to allow less secure apps on your Gmail account here
To-Do List
  • Multiple Domains
  • Notifications
  • Subdomains from censys
  • Subdomains from Shodan
  • Web Frontend/Dashboard
  • Add SubFinder/SubOver
Thank You to Contributors
  • ccsplit - Multiple code improvements including the ability to run domained from any directory
  • jafoca - Massdns fix
  • mortymorty - SecList brute file fix
  • Chan9390 - Updates to the requirements.txt
  • dainok - Python 3.6+ fixes
Major Updates
  • 07-15-2017: Updated to include error handling and updated reconnaissance techniques from Bugcrowd's LevelUp Conference (including subbrute/masscan and subdomain lists) - influenced by Jason Haddix's talk Bug Hunter's Methodology 2.0
  • 08-09-2017: Various fixes (+ phantomjs error), added --fresh option, removed redundant PyBrute folder from output and added pip requirements.txt
  • 08-15-2017: Added notification (--notify) option with Pushover or Gmail support
  • 08-18-2017: Moved repo from OrOneEqualsOne/reconned
  • 09-28-2017: Updated for Recon-ng dependency + Python3 changes
  • 06-20-2018: Added Amass and option for no EyeWitness
