mirror of
https://github.com/xalgord/My-Methodologies.git
synced 2024-11-26 21:50:19 +00:00
GITBOOK-9: change request with no subject merged in GitBook
parent
c575a54076
commit
d20e201b51
1 changed files with 16 additions and 30 deletions
|
@ -27,6 +27,8 @@ breach-parse @gmail.com gmail.txt
|
|||
|
||||
domain="$1"
|
||||
output_dir="subdomain_enum_output"
|
||||
resolvers_file="resolvers.txt"
|
||||
wordlist_file="wordlist.txt"
|
||||
|
||||
if [ -z "$domain" ]; then
|
||||
echo "Usage: $0 <domain>"
|
||||
|
@ -36,61 +38,45 @@ fi
|
|||
# Create the output directory if it doesn't exist
|
||||
mkdir -p "$output_dir"
|
||||
|
||||
# AMASS
|
||||
# AMASS with timeout, increased concurrency, resolvers, and brute-force enumeration
|
||||
echo "[*] Running Amass..."
|
||||
amass enum -d "$domain" -o "$output_dir/amass.txt"
|
||||
amass enum -d "$domain" -o "$output_dir/amass.txt" -max-dns-queries 200 -rf "$resolvers_file" -passive -brute -w "$wordlist_file" -timeout 15
|
||||
|
||||
# dnsenum (alternative to SubBrute)
|
||||
echo "[*] Running dnsenum..."
|
||||
dnsenum "$domain" > "$output_dir/dnsenum.txt"
|
||||
# Rest of the subdomain enumeration tools...
|
||||
|
||||
# Knock
|
||||
echo "[*] Running Knock..."
|
||||
knockpy "$domain" -o "$output_dir/knock.txt"
|
||||
|
||||
# DNSRecon
|
||||
echo "[*] Running DNSRecon..."
|
||||
dnsrecon -d "$domain" -t brt -z -o "$output_dir/dnsrecon.txt"
|
||||
|
||||
# Sublist3r
|
||||
echo "[*] Running Sublist3r..."
|
||||
sublist3r -d "$domain" -o "$output_dir/sublist3r.txt"
|
||||
|
||||
# AltDNS
|
||||
echo "[*] Running AltDNS..."
|
||||
altdns -i "$output_dir/sublist3r.txt" -o "$output_dir/altdns.txt" -w /usr/share/seclists/Discovery/DNS/subdomains-top1mil-5000.txt -r -s "$output_dir/altdns_results.txt"
|
||||
|
||||
# Axiom
|
||||
echo "[*] Running Axiom..."
|
||||
axiom-scan -d "$domain" -o "$output_dir/axiom.txt"
|
||||
|
||||
# hakrawler (alternative to Haktrails)
|
||||
echo "[*] Running hakrawler..."
|
||||
hakrawler -url "$domain" -depth 2 -plain > "$output_dir/hakrawler.txt"
|
||||
|
||||
# assetfinder (alternative to Anubis)
|
||||
echo "[*] Running assetfinder..."
|
||||
assetfinder --subs-only "$domain" | tee "$output_dir/assetfinder.txt"
|
||||
|
||||
# subjs (alternative to Lepus)
|
||||
echo "[*] Running subjs..."
|
||||
subjs -c 50 -t 10 -timeout 5 -o "$output_dir/subjs.txt" -d "$domain"
|
||||
|
||||
# Subfinder
|
||||
echo "[*] Running Subfinder..."
|
||||
subfinder -d "$domain" -o "$output_dir/subfinder.txt"
|
||||
|
||||
# theHarvester
|
||||
echo "[*] Running theHarvester..."
|
||||
theHarvester -d "$domain" -l 500 -b all > "$output_dir/theharvester.txt"
|
||||
|
||||
# bbot
|
||||
echo "[*] Running bbot..."
|
||||
bbot -t "$domain" -f subdomain-enum -o "$output_dir/bbot"
|
||||
find "$output_dir/bbot" -name "output.txt" -exec awk '/\[DNS_NAME\]/ {sub(/\[DNS_NAME\]\s+/, ""); print $1}' {} \; > "$output_dir/bbot.txt"
|
||||
rm -rf "$output_dir/bbot"
|
||||
|
||||
# Amass Again for Comprehensive Results
|
||||
echo "[*] Running Amass (Passive)..."
|
||||
amass enum -passive -d "$domain" -o "$output_dir/amass_passive.txt"
|
||||
|
||||
# Aquatone (Screenshot Tool)
|
||||
echo "[*] Running Aquatone..."
|
||||
cat "$output_dir/amass.txt" | aquatone -out "$output_dir/aquatone" -chrome-path /usr/bin/google-chrome-stable
|
||||
|
||||
# httprobe
|
||||
echo "[*] Running httprobe..."
|
||||
cat "$output_dir/"*".txt" | grep -oE 'https?://[^[:space:]/?$.#].[^[:space:]]*' | sort -u | httprobe -c 50 | tee "$output_dir/httprobe.txt"
|
||||
cat "$output_dir/"*".txt" | sort -u | httprobe -c 50 | tee "$output_dir/httprobe.txt"
|
||||
|
||||
echo "[+] Subdomain enumeration completed. Results saved in '$output_dir' directory."
|
||||
|
||||
|
|
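Review bot: The long `amass enum` line combines `-passive` with `-brute`, `-rf "$resolvers_file"` and `-w "$wordlist_file"`, which contradict each other: passive mode does no DNS resolution, so the resolver list and wordlist either go unused or the invocation is rejected, depending on the amass version. The page has lost its +/- markers, so this assumes that line and the `resolvers_file`/`wordlist_file` assignments are the added side; the script also starts and ends outside the two hunks. Pick one mode for that line, and because both files are plain relative paths, check them before any tool runs, e.g. `[ -r "$resolvers_file" ] && [ -r "$wordlist_file" ] || { echo "missing $resolvers_file or $wordlist_file" >&2; exit 1; }`. The unfiltered `cat "$output_dir/"*".txt" | sort -u | httprobe -c 50 | tee "$output_dir/httprobe.txt"` variant globs `httprobe.txt`, the file its own `tee` is writing, and feeds non-hostname report lines from the other tools into the probe. The comment above the amass call should also say that `-timeout 15` is in minutes.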