GITBOOK-9: change request with no subject merged in GitBook

Xalgord 2023-06-05 10:16:56 +00:00 committed by gitbook-bot
parent c575a54076
commit d20e201b51
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF


@ -27,6 +27,8 @@ breach-parse @gmail.com gmail.txt
domain="$1"
output_dir="subdomain_enum_output"
resolvers_file="resolvers.txt"
wordlist_file="wordlist.txt"
if [ -z "$domain" ]; then
echo "Usage: $0 <domain>"
@ -36,61 +38,45 @@ fi
# Create the output directory if it doesn't exist
mkdir -p "$output_dir"
# AMASS
# AMASS with timeout, increased concurrency, resolvers, and brute-force enumeration
echo "[*] Running Amass..."
amass enum -d "$domain" -o "$output_dir/amass.txt"
amass enum -d "$domain" -o "$output_dir/amass.txt" -max-dns-queries 200 -rf "$resolvers_file" -passive -brute -w "$wordlist_file" -timeout 15
# dnsenum (alternative to SubBrute)
echo "[*] Running dnsenum..."
dnsenum "$domain" > "$output_dir/dnsenum.txt"
# Rest of the subdomain enumeration tools...
# Knock
echo "[*] Running Knock..."
knockpy "$domain" -o "$output_dir/knock.txt"
# DNSRecon
echo "[*] Running DNSRecon..."
dnsrecon -d "$domain" -t brt -z -o "$output_dir/dnsrecon.txt"
# Sublist3r
echo "[*] Running Sublist3r..."
sublist3r -d "$domain" -o "$output_dir/sublist3r.txt"
# AltDNS
echo "[*] Running AltDNS..."
altdns -i "$output_dir/sublist3r.txt" -o "$output_dir/altdns.txt" -w /usr/share/seclists/Discovery/DNS/subdomains-top1mil-5000.txt -r -s "$output_dir/altdns_results.txt"
# Axiom
echo "[*] Running Axiom..."
axiom-scan -d "$domain" -o "$output_dir/axiom.txt"
# hakrawler (alternative to Haktrails)
echo "[*] Running hakrawler..."
hakrawler -url "$domain" -depth 2 -plain > "$output_dir/hakrawler.txt"
# assetfinder (alternative to Anubis)
echo "[*] Running assetfinder..."
assetfinder --subs-only "$domain" | tee "$output_dir/assetfinder.txt"
# subjs (alternative to Lepus)
echo "[*] Running subjs..."
subjs -c 50 -t 10 -timeout 5 -o "$output_dir/subjs.txt" -d "$domain"
# Subfinder
echo "[*] Running Subfinder..."
subfinder -d "$domain" -o "$output_dir/subfinder.txt"
# theHarvester
echo "[*] Running theHarvester..."
theHarvester -d "$domain" -l 500 -b all > "$output_dir/theharvester.txt"
# bbot
echo "[*] Running bbot..."
bbot -t "$domain" -f subdomain-enum -o "$output_dir/bbot"
find "$output_dir/bbot" -name "output.txt" -exec awk '/\[DNS_NAME\]/ {sub(/\[DNS_NAME\]\s+/, ""); print $1}' {} \; > "$output_dir/bbot.txt"
rm -rf "$output_dir/bbot"
# Amass Again for Comprehensive Results
echo "[*] Running Amass (Passive)..."
amass enum -passive -d "$domain" -o "$output_dir/amass_passive.txt"
# Aquatone (Screenshot Tool)
echo "[*] Running Aquatone..."
cat "$output_dir/amass.txt" | aquatone -out "$output_dir/aquatone" -chrome-path /usr/bin/google-chrome-stable
# httprobe
echo "[*] Running httprobe..."
cat "$output_dir/"*".txt" | grep -oE 'https?://[^[:space:]/?$.#].[^[:space:]]*' | sort -u | httprobe -c 50 | tee "$output_dir/httprobe.txt"
cat "$output_dir/"*".txt" | sort -u | httprobe -c 50 | tee "$output_dir/httprobe.txt"
echo "[+] Subdomain enumeration completed. Results saved in '$output_dir' directory."
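Review bot: The httprobe stage at the end of the second hunk pipes every line of every `.txt` under `$output_dir` into `httprobe` unfiltered, assuming the variant without `grep` is the new side (the +/- markers are lost on this page). Those files hold raw tool output: dnsenum and theHarvester are redirected wholesale and hakrawler writes crawled URLs, so report text, e-mail addresses and third-party hosts outside the authorised `$domain` can end up being actively probed. Restrict the input to names under the target first, for example `grep -hoiE "([a-z0-9_-]+\.)+$domain" "$output_dir"/*.txt | sort -u | httprobe -c 50 | tee "$output_dir/httprobe.txt"`, ideally with the dots in `$domain` escaped. The glob also matches `httprobe.txt` itself, so on a rerun `cat` reads a file that `tee` is truncating; writing the result outside the globbed set avoids that.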