tomnomnom / assetfinder Goto Github PK
View Code? Open in Web Editor NEWFind domains and subdomains related to a given domain
License: MIT License
Find domains and subdomains related to a given domain
License: MIT License
We noticed that you used the API of one of Spyse's products most likely it was Findsubdomains, Cert DB or DNS table. We want to notify you about the release of a new and improved API key which you can find in your personal account at spyse.com.
Unfortunately, we should stop supporting the old API a few weeks earlier, starting from Monday. Thanks for being with us.
previously it worked , but looking now it need
'https://tls.bufferover.run/dns?q=.target.com -H 'x-api-key:
x-api-token to work ......so any one who know go can contribute in this ....
Hi
Thanks for this amazing tool.
It will be good if somehow we can also get all TLDs.
Like specifying flag like assetfinder --subs-only --tld xyz.com will return domains for xyz.com and xyz.net domains also if available.
When running $ go get -u github.com/tomnomnom/assetfinder , I get this ::
import cycle not allowed
package github.com/tomnomnom/assetfinder
imports bufio
imports bytes
imports errors
imports internal/reflectlite
imports runtime
imports internal/bytealg
imports internal/cpu
imports runtime
/root/go/src/github.com/tomnomnom/assetfinder/urlscan.go:46: u.Hostname undefined (type *url.URL has no field or method Hostname)
/root/go/src/github.com/tomnomnom/assetfinder/urlscan.go:55: u.Hostname undefined (type *url.URL has no field or method Hostname)
/root/go/src/github.com/tomnomnom/assetfinder/wayback.go:38: u.Hostname undefined (type *url.URL has no field or method Hostname)
What's wrong with my machine ? any hints ?
Hello.. i use kali linux 2019 and when install assetfinder i have this error
my command
root@kali :#~ go run main.go
# command-line-arguments
./main.go:31:3: undefined: fetchCertSpotter
./main.go:32:3: undefined: fetchHackerTarget
./main.go:33:3: undefined: fetchThreatCrowd
./main.go:34:3: undefined: fetchCrtSh
./main.go:35:3: undefined: fetchFacebook
./main.go:37:3: undefined: fetchVirusTotal
./main.go:38:3: undefined: fetchFindSubDomains
./main.go:39:3: undefined: fetchUrlscan
./main.go:40:3: undefined: fetchBufferOverrun
./main.go:47:8: undefined: newRateLimiter
./main.go:47:8: too many errors
Unless I'm reading this incorrectly https://github.com/tomnomnom/assetfinder/blob/master/main.go#L90 will continue execution as normal if the identified domain doesn't match the root. I haven't tested but wouldn't a return
be a better fit here?
I'll take a poke at this if I get some time, just adding it here for tracking purposes.
~$ go install github.com/tomnomnom/assetfinder@latest
/usr/local/go/src/crypto/rand/rand_unix.go:14:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/aes/aes_gcm.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/auth.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/ecdsa/ecdsa.go:33:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/sha1/boring.go:15:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/ecdh/x25519.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/elliptic/nistec.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/internal/nistec/p224.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/net/http/h2_bundle.go:26:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/auth.go:13:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/cipher_suites.go:15:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/ecdsa/ecdsa.go:35:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/cipher/gcm.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/net/http/client.go:14:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/cache.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/encoding/base64/base64.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/stkframe.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/error.go:7:8: //go:build comment without // +build comment
/usr/local/go/src/internal/bytealg/bytealg.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/internal/abi/abi.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/internal/sys/consts.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/os/error.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/internal/poll/copy_file_range_linux.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/encoding/binary/binary.go:27:2: //go:build comment without // +build comment
/usr/local/go/src/net/http/fs.go:14:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/x509/parser.go:20:2: //go:build comment without // +build comment
go/pkg/mod/github.com/tomnomnom/[email protected]/crtsh.go:7:2: //go:build comment without // +build comment
/usr/local/go/src/fmt/print.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/io/ioutil/tempfile.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/encoding/binary/binary.go:28:2: //go:build comment without // +build comment
/usr/local/go/src/internal/reflectlite/value.go:9:2: //go:build comment without // +build comment
package github.com/tomnomnom/assetfinder
imports net/http
imports crypto/tls
imports crypto/x509
imports net: //go:build comment without // +build comment
/usr/local/go/src/runtime/arena.go:87:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/internal/math/math.go:7:8: //go:build comment without // +build comment
/usr/local/go/src/internal/syscall/unix/at.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/internal/poll/fd_poll_runtime.go:13:2: //go:build comment without // +build comment
Consider adding Hudson Rock's complimentary data to receive additional URLs associated with a specific domain.
Data was retrieved from infected computers with the Infostealer malware and contains URLs that usually cannot be found conventionally.
Domain sample: https://cavalier.hudsonrock.com/api/json/v2/osint-tools/urls-by-domain?domain=tesla.com
Thank you.
im a windwos 7 user im typing command here linke assetfiner --subs-only domains from the going to the path but its not working pls help me how to run in windows
I'm unable to install asset finder using the command
go get -u github.com/tomnomnom/assetfinder
says got get is deprecated
so i tried go install github.com/tomnomnom/assetinder@latest.
and seems like its doing nothing.
Any help is appreciated and also please update the readme.md for installation.
Yo @tomnomnom , firstly I love how much you contribute to the community...
I wanted to inform you that there is an issue when using Assetfinder.
I used this command-
cat scope.txt | assetfinder | tee output.txt
In the scope.txt I wrote hackerone.com
As you can see in the above image that Assetfinder fetches out-of-scope subdomains when we try to run it with
cat scope.txt | assetfinder
This means that this tool will not work on multiple targets at once.
I am not sure that this behavior was expected....
If your tool was supposed to work on only 1 target then let me know.
Thanks ;)
Results include domains like *.example.com, *.subs.example.com. Later found that it's because of crtsh.go file. Is this part of scan? or something went wrong?
Please help me in installing it on linux as when cloning it and running with the command
go run main.go it is showing some command line arguments add error. Please help
See https://twitter.com/gustavorobertux/status/1143545880601079808 for an example
An empty response from cert spotter results in an umarshal error, and it's reported badly.
Given it's perfectly legitimate for there to be no results it might be a good idea just to swallow these errors.
We need output flag so we can save the result in a file
Hi there. You previously used one of our services as a part of your development. We want to notify you, that we are releasing our updated Spyse API search. We hope you will be interested in testing and implementing a much broader functionality to your developments. Thanks for being with us.
I tried with suggested replace got install, but I got:
$ go install github.com/tomnomnom/assetfinder/assetfinder@latest
go install: github.com/tomnomnom/assetfinder/assetfinder@latest: module github.com/tomnomnom/assetfinder@latest found (v0.1.1), but does not contain package github.com/tomnomnom/assetfinder/assetfinder
Hi @tomnomnom
Command1: assetfinder -subs-only domain.com
Command2: assetfinder --subs-only domain.com
Command3: assetfinder domain.com
panic: runtime error: index out of range [1] with length 1
goroutine 14 [running]:
main.fetchBufferOverrun(0xc000014390, 0xa, 0x18, 0x1, 0x1, 0xc0000189c0, 0x18)
/root/go/src/github.com/tomnomnom/assetfinder/bufferoverrun.go:23 +0x346
main.main.func1(0xc000014380, 0xc00000e2a0, 0x717520, 0xc000014390, 0xa, 0xc00001e180)
/root/go/src/github.com/tomnomnom/assetfinder/main.go:61 +0x123
created by main.main
/root/go/src/github.com/tomnomnom/assetfinder/main.go:57 +0x385
How can i configure virus total api after installing assetfinder?
does it not work with go1.15 or i am doing something wrong
Já segui como que se instala segundo esse github https://github.com/tomnomnom/assetfinder , já baixei o assetfinder no meu virtual box, quando abro o executável ele me retorna "chdir(2) failed.:Not a directory". Quando coloco go get -u github.com/tomnomnom/assetfinder ele me volta com um fatal unable access port 443:no route to host package.
Já tentei fazer tanto no kali, windows 10 e ubuntu, e nos 3 me retorna isso
when I try to install this using git clone and try to build the main.go I got this message
go run main.go
./main.go:31:3: undefined: fetchCertSpotter
./main.go:32:3: undefined: fetchHackerTarget
./main.go:33:3: undefined: fetchThreatCrowd
./main.go:34:3: undefined: fetchCrtSh
./main.go:35:3: undefined: fetchFacebook
./main.go:37:3: undefined: fetchVirusTotal
./main.go:38:3: undefined: fetchFindSubDomains
./main.go:39:3: undefined: fetchUrlscan
./main.go:40:3: undefined: fetchBufferOverrun
./main.go:47:8: undefined: newRateLimiter
./main.go:47:8: too many errors
Hello guys im a total noob most experience i have is learning python, anyways when trying to run
assetfinder [--subs-only] it says
users-MacBook-Pro:assetfinder-master user$ assetfinder -subs-only twitter.com
-bash: assetfinder: command not found
Hi Tom,
u r building nice tool here as usal BUT i need to calrify some points to be fixed
CertSpotter need some filtration
Virus total not working at all
FindSubDomains not working at all
FetchUrlscan need some filtration
i tested each function via disable others in main.go
dosent have a doc shows requests/second. and also -c or -t to how to limit number of requests.
Absolutely no issue here - just wanted to drop you a note to say thanks for an awesome tool :)
Install
If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):
go install github.com/tomnomnom/assetfinder@latest
Can we print the log into the .txt file ? ex: assetfinder --subs-only asd.com -o asd.txt
It brings results other than the searched domain. The second is,Results are not uniqe. I'm using the anew command.
# assetfinder --subs-only testfire.net
demo.testfire.net
www.testfire.net
testfire.net
evil.testfire.net
domain2.testfire.net
demo2.testfire.net
httpdemo.testfire.net
wellpoint.se srchttpdemo.testfire.net
hkcastte.com srchttpdemo.testfire.net
superkeychain.com srchttpdemo.testfire.net
computerserviceandsales.cn srchttpdemo.testfire.net
wellpoint.jobs.net srchttpdemo.testfire.net
altoro.testfire.net
ftp.testfire.net
localhost.testfire.net
I use it this way.
assetfinder --subs-only testfire.net|xurls -r|anew|grep "testfire.net"|tee testfire.net.txt
assetfinder --subs-only $1|xurls -r|anew|grep "$1"|tee $1.txt
Hi, @tomnomnom!
I am going to update the Spyse integration to use the new API version, but the Assetfinder repo seems to be abandoned.
Does it make sense to send a merge request?
Can you please update the go download command for assetfinder since from go 1.17 go get has been removed and cannot be used.
Sites using e.g.Cloudflare and their shared certificates are showing a lot of false positives.
The results contain the domains completely unrelated to the queried domain.
Example:
Queried domain : example.com
Results:
example.com
www.example.com
somethingelse.com
randomdomain.com
How about a small check that verifies the domain names from cert search results match the queried domain?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.