TypeError / Domained
Licence: gpl-3.0
Multi Tool Subdomain Enumeration
Stars: ✭ 688
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Domained
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-73.55%)
Mutual labels: infosec, enumeration, bugbounty
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-76.31%)
Mutual labels: infosec, enumeration, bugbounty
Xxe Injection Payload List
🎯 XML External Entity (XXE) Injection Payload List
Stars: ✭ 304 (-55.81%)
Mutual labels: infosec, bugbounty
H2csmuggler
HTTP Request Smuggling over HTTP/2 Cleartext (h2c)
Stars: ✭ 292 (-57.56%)
Mutual labels: infosec, bugbounty
Go Dork
The fastest dork scanner written in Go.
Stars: ✭ 274 (-60.17%)
Mutual labels: infosec, bugbounty
Bugbounty Cheatsheet
A list of interesting payloads, tips and tricks for bug bounty hunters.
Stars: ✭ 3,644 (+429.65%)
Mutual labels: infosec, bugbounty
Hetty
Hetty is an HTTP toolkit for security research.
Stars: ✭ 3,596 (+422.67%)
Mutual labels: infosec, bugbounty
Bxss
bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.
Stars: ✭ 331 (-51.89%)
Mutual labels: infosec, bugbounty
Assessment Mindset
Security Mindmap that could be useful for the infosec community when doing pentest, bug bounty or red-team assessments.
Stars: ✭ 608 (-11.63%)
Mutual labels: infosec, bugbounty
Metabigor
Intelligence tool but without API key
Stars: ✭ 424 (-38.37%)
Mutual labels: infosec, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-26.02%)
Mutual labels: infosec, bugbounty
Megplus
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (-61.05%)
Mutual labels: infosec, bugbounty
Sonarsearch
A MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (-56.83%)
Mutual labels: enumeration, bugbounty
Pentesting
Misc. Public Reports of Penetration Testing and Security Audits.
Stars: ✭ 24 (-96.51%)
Mutual labels: infosec, bugbounty
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+4683.28%)
Mutual labels: enumeration, bugbounty
PastebinMarkdownXSS
XSS in pastebin.com and reddit.com via unsanitized markdown output
Stars: ✭ 84 (-87.79%)
Mutual labels: infosec, bugbounty
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-87.65%)
Mutual labels: infosec, bugbounty
domained
A domain name enumeration tool
Gist: Some terrible continually updated python code leveraging some awesome tools that I use for bug bounty reconnaissance.
The tools contained in domained requires Kali Linux (preferred) or Debian 7+ and Recon-ng
domained uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots, server response headers and signature based default credential checking. (resources are saved to ./bin and output is saved to ./output)
Initial Install:
- domained tools:
python3 domained.py --install
- Python required modules:
sudo pip install -r ./ext/requirements.txt
Other Dependencies:
-
ldns library for DNS programming:
sudo apt-get install libldns-dev -y
-
Go Programming Language:
sudo apt-get install golang
NOTE: This is an active recon – only perform on applications that you have permission to test against.
Tools leveraged:
Subdomain Enumeraton Tools:
- Sublist3r by Ahmed Aboul-Ela
- enumall by Jason Haddix
- Knock by Gianni Amato
- Subbrute by TheRook
- massdns by B. Blechschmidt
- Recon-ng by Tim Tomes (LaNMaSteR53)
- Amass by Jeff Foley (caffix)
- SubFinder by by Ice3man543
Reporting + Wordlists:
- EyeWitness by ChrisTruncer
- SecList (DNS Recon List) by Daniel Miessler
- LevelUp All.txt Subdomain List by Jason Haddix
Usage
First Step:
Install Required Python Modules: sudo pip install -r ./ext/requirements.txt
Install Tools: sudo python3 domained.py --install
Example 1: python3 domained.py -d example.com
Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)
Example 2: python3 domained.py -d example.com -b -p --vpn
Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN
Example 3: python3 domained.py -d example.com -b --bruteall
Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)
Example 4: python3 domained.py -d example.com --quick
Uses subdomain example.com and only Amass and SubFinder
Example 5: python3 domained.py -d example.com --quick --notify
Uses subdomain example.com, only Amass and SubFinder and notification
Example 6: python3 domained.py -d example.com --noeyewitness
Uses subdomain example.com with no EyeWitness
Note: --bruteall must be used with the -b flag
Option | Description |
---|---|
--install/--upgrade | Both do the same function – install all prerequisite tools |
--vpn | Check if you are on VPN (update with your provider) |
--quick | Use ONLY Amass and SubFinder |
--bruteall | Bruteforce with JHaddix All.txt List instead of SecList |
--fresh | Delete old data from output folder |
--notify | Send Pushover or Gmail Notifications |
--active | EyeWitness Active Scan |
--noeyewitness | No Eyewitness |
-d | The domain you want to preform recon on |
-b | Bruteforce with subbrute/massdns and SecList wordlist |
-s n | Only HTTPs domains |
-p | Add port 8080 for HTTP and 8443 for HTTPS |
Notifications
- Complete the ext/notifycfg.ini for Pushover or Gmail notifications. (Enable must be set to True)
- Please see the Pushover API info here and instructions on how to allow less secure apps on your gmail account here
To-Do List
- [ ] Multiple Domains
- [x]
Notifications - [ ] Subdomains from censys
- [ ] Subdomains from Shodan
- [ ] Web Frontend/Dashboard
- [x]
Add SubFinder
Thank You to Contributors
- ccsplit - Multiple code improvements including the ability to run domained from any directory
- jafoca - Massdns fix
- mortymorty - SecList brute file fix
- Chan9390 - Updates to the requirements.txt
- dainok - Python 3.6+ fixes
- Apoorv Raj Saxena - Added SubFinder
Major Updates
- 07-15-2017: Updated to include error handling and updated reconnaissance techniques from Bugcrowd's LevelUp Conference (including subbrute/masscan and subdomain lists) - influenced by Jason Haddix's talk Bug Hunter's Methodology 2.0
- 08-09-2017: Various fixes (+ phantomjs error), added --fresh option, removed redundant PyBrute folder from output and added pip requirements.txt
- 08-15-2017: Added notification (--notify) option with Pushover or Gmail support
- 08-18-2017: Moved repo from OrOneEqualsOne/reconned
- 09-28-2017: Updated for Recon-ng dependency + Python3 changes
- 06-20-2018: Added Amass and option for no EyeWitness
- 10-12-2018: Added SubFinder
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].