From f87a35fe7c19ab4dd178e74fb1b8c75103d4dc46 Mon Sep 17 00:00:00 2001
From: Xalgord
Date: Sun, 11 Jun 2023 06:55:42 +0000
Subject: [PATCH] GITBOOK-12: change request with no subject merged in GitBook
---
 tools-and-their-uses.md | 61 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/tools-and-their-uses.md b/tools-and-their-uses.md
index e877d32..1087bee 100644
--- a/tools-and-their-uses.md
+++ b/tools-and-their-uses.md
@@ -175,3 +175,64 @@ rm "$url/recon/wayback/extensions/aspx1.txt"
 #echo "[+] Running eyewitness against all compiled domains..."
 #python3 EyeWitness/EyeWitness.py --web -f "$url/recon/httprobe/alive.txt" -d "$url/recon/eyewitness" --resolve
 ```
+
+## Subdomain Finder tools:
+
+chaos , subfinder , finddomain, assetfinder, amass
+
+| Type | Tool | Repo | Stars | Latest release | Latest commit | Programming Language |
+| ------------- | ----------------- | ---------------------------------------------------------------------------------------------------- | ----- | -------------- | ------------- | -------------------- |
+| Passive | Amass | [https://github.com/OWASP/Amass](https://github.com/OWASP/Amass) | 6,1K | 3.15.0 | 12 nov 2021 | Go |
+| Passive | Sublist3r | [https://github.com/aboul3la/Sublist3r](https://github.com/aboul3la/Sublist3r) | 6,5K | 1.1 | 29 jul 2020 | Python |
+| Passive | crobat | [https://github.com/Cgboal/SonarSearch](https://github.com/Cgboal/SonarSearch) | 428 | – | 17 sept 2021 | Go |
+| Passive | chaos | [https://github.com/projectdiscovery/chaos-client](https://github.com/projectdiscovery/chaos-client) | 270 | 0.1.9 | 20 oct 2021 | Go |
+| Passive | subfinder | [https://github.com/projectdiscovery/subfinder](https://github.com/projectdiscovery/subfinder) | 4,4K | 2.4.9 | 20 oct 2021 | Go |
+| Passive | assetfinder | [https://github.com/tomnomnom/assetfinder](https://github.com/tomnomnom/assetfinder) | 1,5K | – | 15 Apr 2020 | Go |
+| Passive | waybackurls | [https://github.com/tomnomnom/waybackurls](https://github.com/tomnomnom/waybackurls) | 1,5K | – | 24 Apr 2020 | Go |
+| Passive | gau | [https://github.com/lc/gau](https://github.com/lc/gau) | 1,6K | 2.0.6 | 15 nov 2021 | Go |
+| Passive | github-subdomains | [https://github.com/gwen001/github-subdomains](https://github.com/gwen001/github-subdomains) | 276 | – | 15 Apr 2021 | Go |
+| Passive | findomain | [https://github.com/Findomain/Findomain](https://github.com/Findomain/Findomain) | 2,1K | 5.0.0 | 9 nov 2021 | Rust |
+| Passive | OneForAll | [https://github.com/shmilylty/OneForAll](https://github.com/shmilylty/OneForAll) | 4,1K | 0.4.3 | 19 nov 2021 | Python |
+| Resolution/BF | shuffledns | [https://github.com/projectdiscovery/shuffledns](https://github.com/projectdiscovery/shuffledns) | 692 | 1.0.4 | 20 oct 2021 | Go |
+| Resolution/BF | puredns | [https://github.com/d3mondev/puredns](https://github.com/d3mondev/puredns) | 580 | 2.0.1 | 25 jun 2021 | Go |
+| Resolution/BF | dnsx | [https://github.com/projectdiscovery/dnsx](https://github.com/projectdiscovery/dnsx) | 629 | 1.0.7 | 19 nov 2021 | Go |
+| Resolution/BF | dnscan | [https://github.com/rbsec/dnscan](https://github.com/rbsec/dnscan) | 643 | – | 28 oct 2021 | Python |
+| Resolution/BF | gobuster | [https://github.com/OJ/gobuster](https://github.com/OJ/gobuster) | 5,3K | 3.1.0 | 21 jun 2021 | Go |
+| Resolution/BF | aiodnsbrute | [https://github.com/blark/aiodnsbrute](https://github.com/blark/aiodnsbrute) | 403 | 0.3.2 | 4 jun 2019 | Python |
+| Resolution/BF | massdns | [https://github.com/blechschmidt/massdns](https://github.com/blechschmidt/massdns) | 2,1K | 1.0.0 | 11 nov 2021 | C |
+| Resolution/BF | Amass | [https://github.com/OWASP/Amass](https://github.com/OWASP/Amass) | 6,1K | 3.15.0 | 12 nov 2021 | Go |
+| Resolution/BF | rusolver | [https://github.com/Edu4rdSHL/rusolver](https://github.com/Edu4rdSHL/rusolver) | 136 | 0.7.0 | 20 oct 2021 | Rust |
+| Wordlists | altdns | [https://github.com/infosec-au/altdns](https://github.com/infosec-au/altdns) | 1,6K | – | 10 sep 2021 | Python |
+| Wordlists | dnscewl | [https://github.com/codingo/DNSCewl](https://github.com/codingo/DNSCewl) | 213 | – | 7 Jun 2021 | C++ |
+| Wordlists | gotator | [https://github.com/Josue87/gotator](https://github.com/Josue87/gotator) | 126 | 1.1 | 24 jul 2021 | Go |
+| Wordlists | dmut | [https://github.com/bp0lr/dmut](https://github.com/bp0lr/dmut) | 99 | – | 5 jun 2021 | Go |
+| Wordlists | dnsgen | [https://github.com/ProjectAnte/dnsgen](https://github.com/ProjectAnte/dnsgen) | 511 | 1.0.4 | 24 mar 2020 | Python |
+
+#### Passive results
+
+| Tools with apis | Apis added | lazada.com Time | lazada.com Results | redmart.com Time | redmart.com Results | lazada.sg Time | lazada.sg Results | Notes | Command |
+| ----------------- | ----------- | --------------- | ------------------ | ---------------- | ------------------- | -------------- | ----------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Amass | 18 | 0:02:12 | 5251 | 0:02:15 | 5239 | 0:03:00 | 6610 | | amass enum -passive -d domain.com |
+| Sublist3r | – | 0:00:11 | 143 | 0:00:11 | 69 | 0:00:12 | 102 | | python3 sublist3r.py -d domain.com \| tail -n +25 |
+| crobat | – | 0:00:01 | 37 | 0:00:01 | 10 | 0:00:01 | 22 | | crobat -s domain.com |
+| chaos | 1 | 0:00:01 | 81 | 0:00:01 | 55 | 0:00:01 | 70 | | chaos -d domain.com -silent |
+| subfinder | 15 | 0:00:41 | 5265 | 0:00:28 | 5110 | 0:00:30 | 5194 | | subfinder -d domain.com -all -silent |
+| assetfinder | 3 | 0:00:48 | 241 | 0:00:05 | 160 | 0:00:01 | 229 | Inconsistente en tiempo | assetfinder –subs-only domain.com |
+| waybackurls | – | 0:00:01 | 127 | 0:00:01 | 60 | 0:00:23 | 26 | | waybackurls domain.com \| unfurl -u domains |
+| gau | – | 0:01:29 | 134 | 0:01:32 | 69 | 0:05:01 | 43 | Inconsistente en tiempo y resultados (71m!) | gau –subs domain.com \| unfurl -u domains |
+| github-subdomains | 1 | 0:00:10 | 144 | 0:00:15 | 72 | 0:00:10 | 97 | | github-subdomains -d domain.com -k -q -t .github\_tokens -o result.txt |
+| findomain | 4 | 0:00:06 | 246 | 0:00:02 | 181 | 0:00:08 | 201 | | findomain –quiet -t domain.com |
+| OneForAll | 10 | 0:03:18 | 425 | 0:02:20 | 613 | 0:01:42 | 155 | | python3 oneforall.py –target domain.com –alive False –brute False –dns False –fmt json –path results/ run && cat results/domain.com.json \| jq ‘.\[] \| .subdomain’ |
+| | | | | | | | | | |
+| No APIS | Custom Apis | lazada.com Time | lazada.com Results | redmart.com Time | redmart.com Results | lazada.sg Time | lazada.sg Results | Notes | Command |
+| Amass | – | 0:02:02 | 4233 | 0:02:58 | 253 | 0:03:14 | 3938 | | amass enum -passive -d domain.com |
+| Sublist3r | – | | | | | | | | python3 sublist3r.py -d domain.com \| tail -n +25 |
+| crobat | – | | | | | | | | crobat -s domain.com |
+| chaos | – | | | | | | | | chaos -d domain.com -silent |
+| subfinder | – | 0:00:24 | 249 | 0:00:06 | 115 | 0:00:26 | 160 | | subfinder -d domain.com -all -silent |
+| assetfinder | – | | | | | | | Inconsistente en tiempo | assetfinder –subs-only domain.com |
+| waybackurls | – | | | | | | | | waybackurls domain.com \| unfurl -u domains |
+| gau | – | | | | | | | Inconsistente en tiempo y resultados (71m!) | gau –subs domain.com \| unfurl -u domains |
+| github-subdomains | – | | | | | | | | github-subdomains -d domain.com -k -q -t .github\_tokens -o result.txt |
+| findomain | – | | | | | | | | findomain –quiet -t domain.com |
+| OneForAll | – | | | | | | | | python3 oneforall.py –target domain.com –alive False –brute False –dns False –fmt json –path results/ run && cat results/domain.com.json \| jq ‘.\[] \| .subdomain’ |