FeeiCN / Esd

Licence: gpl-3.0
Enumeration of subdomains (枚举子域名)

Programming language: python

Projects that are alternatives of or similar to Esd

Pentester Fully Automatic Scanner
DNS Subdomain ● Brute force ● Web Spider ● Nmap Scan ● etc.
Stars: ✭ 315 (-59.87%)
Mutual labels:  security-tools, security-scanner, brute-force, subdomain-scanner
Ladon
Large-scale intranet penetration scanner & Cobalt Strike plugin. Ladon 8.9 ships 120 built-in modules covering information gathering, live-host discovery, port scanning, service identification, password brute forcing, vulnerability detection and exploitation. Vulnerability detection covers MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute forcing covers Mysql/Oracle/MSSQL/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution via smbexec/wmiexe/psexec/atexec/sshexec/webshell; privilege lowering and escalation via Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0.
Stars: ✭ 2,911 (+270.83%)
Mutual labels:  security-tools, security-scanner, brute-force
yandi-scanner
Network Security Vulnerability Scanner
Stars: ✭ 110 (-85.99%)
Mutual labels:  brute-force, security-scanner, subdomain-scanner
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (-53.76%)
Mutual labels:  security-tools, security-scanner
Shodansploit
🔎 shodansploit > v1.3.0
Stars: ✭ 342 (-56.43%)
Mutual labels:  security-tools, security-scanner
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (-56.69%)
Mutual labels:  security-tools, security-scanner
Salt Scanner
Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Stars: ✭ 261 (-66.75%)
Mutual labels:  security-tools, security-scanner
Applicationinspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+393.38%)
Mutual labels:  security-tools, security-scanner
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (-52.87%)
Mutual labels:  security-tools, brute-force
Burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-45.61%)
Mutual labels:  security-tools, security-scanner
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-34.14%)
Mutual labels:  security-tools, security-scanner
Salus
Security scanner coordinator
Stars: ✭ 441 (-43.82%)
Mutual labels:  security-tools, security-scanner
Jsprime
a javascript static security analysis tool
Stars: ✭ 556 (-29.17%)
Mutual labels:  security-tools, security-scanner
Bandit
Bandit is a tool designed to find common security issues in Python code.
Stars: ✭ 3,763 (+379.36%)
Mutual labels:  security-tools, security-scanner
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (-54.27%)
Mutual labels:  security-tools, security-scanner
Wsltools
Web Scan Lazy Tools - Python Package
Stars: ✭ 288 (-63.31%)
Mutual labels:  security-tools, security-scanner
Ladongo
Ladon Pentest Scanner framework: LadonGo is a cross-platform, open-source intranet penetration scanner framework. With one command it batch-probes live hosts across C-, B- and A-class ranges, detects high-risk vulnerabilities such as MS17010 and SmbGhost, executes commands remotely over SSH/Winrm, brute-forces passwords for SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis, and performs port scanning with service identification (PortScan fingerprinting, HttpBanner/HttpTitle/TcpBanner/Weblogic, Oxid multi-NIC host discovery).
Stars: ✭ 366 (-53.38%)
Mutual labels:  security-tools, brute-force
Inql
InQL - A Burp Extension for GraphQL Security Testing
Stars: ✭ 715 (-8.92%)
Mutual labels:  security-tools, security-scanner
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (-67.64%)
Mutual labels:  security-tools, security-scanner
Evilscan
NodeJS Simple Network Scanner
Stars: ✭ 428 (-45.48%)
Mutual labels:  security-tools, security-scanner

ESD(Enumeration Sub Domain)

Advantages

Supports wildcard-resolved domains

Enumerates wildcard-resolved domains with RSC (Response Similarity Comparison). This is relatively slow because it depends on network quality and the target site's bandwidth.

Using aioHTTP, the response body of a non-existent subdomain is fetched first and compared for similarity against the response of each dictionary subdomain. If the similarity exceeds the threshold, the candidate is the same catch-all page; otherwise it is treated as a usable subdomain. The final set of subdomains is then put through the response similarity comparison once more.
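As an added illustration of the RSC step described above (example code, not ESD's own), the wildcard baseline is fetched for a random label, every dictionary candidate is compared against it with difflib, and the survivors are re-checked against a fresh baseline. The fetcher is a constructed offline stand-in for aioHTTP; example.test, the response bodies and the 0.9 threshold are assumptions.

```python
import asyncio
import difflib
import secrets
from typing import Awaitable, Callable, List, Optional

# Hostname -> HTTP body, or None if it does not resolve (ESD uses aioHTTP; injected here so it runs offline).
Fetcher = Callable[[str], Awaitable[Optional[str]]]

def is_same_page(baseline: str, body: str, threshold: float = 0.9) -> bool:
    """RSC core: two bodies count as the same page above the threshold."""
    return difflib.SequenceMatcher(None, baseline, body).ratio() >= threshold

async def rsc_enumerate(domain: str, words: List[str], fetch: Fetcher,
                        threshold: float = 0.9) -> List[str]:
    """Keep dictionary words whose response differs from the wildcard page."""
    async def survivors(candidates: List[str]) -> List[str]:
        # A random label is in no dictionary, so its body is whatever the
        # wildcard record serves; None means the zone has no wildcard.
        ref = await fetch(f"{secrets.token_hex(8)}.{domain}")
        bodies = await asyncio.gather(*(fetch(f"{w}.{domain}") for w in candidates))
        kept = []
        for word, body in zip(candidates, bodies):
            if body is None:
                continue                      # did not resolve at all
            if ref is not None and is_same_page(ref, body, threshold):
                continue                      # same catch-all page: drop it
            kept.append(word)
        return kept
    # Second pass over the survivors with a fresh baseline, mirroring the
    # README's re-comparison of the final set.
    first = await survivors(words)
    return await survivors(first) if first else []

def make_fake_fetcher(wildcard: bool) -> Fetcher:
    """Constructed stand-in for aioHTTP: 'mail' is a real page, 'dead' never resolves,
    'www' serves the default page; with wildcard=True every other label gets it too."""
    hits = {"n": 0}
    async def fetch(host: str) -> Optional[str]:
        label = host.split(".", 1)[0]
        if label == "mail":
            return "<html><title>Webmail</title><body>Username: Password: Sign in</body></html>"
        if label == "dead" or (label != "www" and not wildcard):
            return None                       # NXDOMAIN
        hits["n"] += 1                        # request id varies per hit, like a real page
        return f"<html><title>Example</title><body>Default page, request id {hits['n']}</body></html>"
    return fetch

def demo(wildcard: bool = True) -> List[str]:
    words = ["www", "mail", "dead", "zzzz"]
    return asyncio.run(rsc_enumerate("example.test", words, make_fake_fetcher(wildcard)))
```

With a wildcard zone only mail survives (www is indistinguishable from the catch-all page); without one, www and mail both survive because there is no baseline to compare against.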

Faster

Enumerates domains with AsyncIO coroutines. Network and DNS server conditions cause small fluctuations in scan speed, but a scan generally finishes within 250 seconds.

AsyncIO + aioDNS is more than 50% faster than the traditional multiprocess/multithread/gevent approaches. Scanning qq.com with 170083 rules found 1913 domains in about 163 seconds, averaging 1000+ rules per second.

More complete dictionary

Merges dictionaries from several sources; after deduplication there are 170083 subdomain entries.

  • General dictionary
    • single letter, single letter + single digit, two letters, two letters + single digit, two letters + two digits, three letters, four letters
    • single digit, two digits, three digits
  • Most-used subdomains published by DNS providers
    • DNSPod: dnspod-top2000-sub-domains.txt
  • Dictionaries from other subdomain brute-force tools
    • subbrute: names_small.txt
    • subDomainsBrute: subnames_full.txt

More collection sources

  • [x] Collect subdomains leaked by the DNSPod API
  • [x] Collect subdomains appearing in page response content
  • [x] Collect subdomains seen during redirects
  • [x] Collect subdomains from HTTPS Certificate Transparency logs
  • [x] Collect subdomains via DNS zone transfer
  • [x] Collect subdomains from search engines
  • [x] Collect API results from zoomeye, censys, fofa and shodan

DNS servers

  • Resolves the inconsistency between DNS providers in determining the network egress line
  • Resolves the inconsistency in cache lifetimes between DNS providers
  • Handles random DNS resolution, e.g. fliggy.com and plu.cn
  • Automatically drops unresponsive DNS servers based on network conditions, improving the enumeration success rate

Usage

Only verified under Python 3.

# Install
pip install esd

# Upgrade
pip install esd --upgrade

CLI usage

# Scan a single domain
esd -d qq.com

# Scan a single domain in debug mode
esd=debug esd -d qq.com

# Scan multiple domains (comma-separated)
esd --domain qq.com,tencent.com

# Scan a single domain and filter out subdomains whose response contains one specific string
esd --domain mogujie.com --filter 搜本店

# Scan a single domain and filter out subdomains whose response contains any of several strings
esd --domain mogujie.com --filter 搜本店,收藏店铺

# Scan from a file (one domain per line)
esd --file targets.txt

# Skip the similarity comparison (this option filters out every wildcard-resolved subdomain)
esd --domain qq.com --skip-rsc

# Use search engines for subdomain search (supports baidu, google, bing and yahoo; comma-separated)
esd --domain qq.com --engines baidu,google,bing,yahoo

# Split the dictionary evenly to speed up brute forcing
esd --domain qq.com --split 1/4

# Use a DNS zone transfer vulnerability to obtain subdomains
esd --domain qq.com --dns-transfer

# Use HTTPS Certificate Transparency to obtain subdomains
esd --domain qq.com --ca-info

Programmatic use

from ESD import EnumSubDomain
domains = EnumSubDomain('feei.cn').run()

Roadmap

  • Improve scan speed
  • Support third-level subdomains, with more combinations for more possibilities

References
