Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.

Stars: ✭ 498 (-53.54%)

Mutual labels: dns, subdomain, reconnaissance

Sonarsearch

A MongoDB importer and API for Project Sonars DNS datasets

Stars: ✭ 297 (-72.29%)

Mutual labels: dns, subdomain

Getaltname

Extract subdomains from SSL certificates in HTTPS sites.

Stars: ✭ 320 (-70.15%)

Mutual labels: dns, subdomain

Dnsbrute

a fast domain brute tool

Stars: ✭ 352 (-67.16%)

Mutual labels: dns, domain

Maryam

Maryam: Open-source Intelligence(OSINT) Framework

Stars: ✭ 371 (-65.39%)

Mutual labels: dns, reconnaissance

Aiodnsbrute

Python 3.5+ DNS asynchronous brute force utility

Stars: ✭ 370 (-65.49%)

Mutual labels: dns, subdomain

Dictionary Of Pentesting

Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。

Stars: ✭ 492 (-54.1%)

Mutual labels: dns, subdomain

Osmedeus

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Stars: ✭ 3,391 (+216.32%)

Mutual labels: subdomain, reconnaissance

Kldns

快乐二级域名分发系统

Stars: ✭ 277 (-74.16%)

Mutual labels: dns, domain

domainerator

Simple application written in Go that combines two wordlists and a list of TLDs to form domain names and check if they are already registered.

Stars: ✭ 26 (-97.57%)

Mutual labels: dns, domain

Amass

In-depth Attack Surface Mapping and Asset Discovery

Stars: ✭ 6,284 (+486.19%)

Mutual labels: dns, subdomain

Bugcrowd Levelup Subdomain Enumeration

This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

Stars: ✭ 513 (-52.15%)

Mutual labels: dns, subdomain

Teemo

A Domain Name & Email Address Collection Tool

Stars: ✭ 595 (-44.5%)

Mutual labels: subdomain, domain

Dnsprobe

DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Stars: ✭ 221 (-79.38%)

Mutual labels: dns, subdomain

Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.

Stars: ✭ 70 (-93.47%)

Mutual labels: subdomain, reconnaissance

Bash Toolkit

Este proyecto esá destinado a ayudar a los sysadmin

Stars: ✭ 13 (-98.79%)

Mutual labels: dns, domain

View All Similar Projects ➔

Fierce

Fierce is a DNS reconnaissance tool for locating non-contiguous IP space.

Useful links:

Overview

First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/. This is simply a conversion to Python 3 to simplify and modernize the codebase.

The original description was very apt, so I'll include it here:

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.

Installing

$ python -m pip install fierce
$ fierce -h

$ git clone https://github.com/mschwager/fierce.git
$ cd fierce
$ python -m pip install -r requirements.txt
$ python fierce/fierce.py -h

Requires Python 3.

Using

Let's start with something basic:

$ fierce --domain google.com --subdomains accounts admin ads

Traverse IPs near discovered domains to search for contiguous blocks with the --traverse flag:

$ fierce --domain facebook.com --subdomains admin --traverse 10

Limit nearby IP traversal to certain domains with the --search flag:

$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net

Attempt an HTTP connection on domains discovered with the --connect flag:

$ fierce --domain stackoverflow.com --subdomains mail --connect

Exchange speed for breadth with the --wide flag, which looks for nearby domains on all IPs of the /24 of a discovered domain:

$ fierce --domain facebook.com --wide

Zone transfers are rare these days, but they give us the keys to the DNS castle. zonetransfer.me is a very useful service for testing for and learning about zone transfers:

$ fierce --domain zonetransfer.me

To save the results to a file for later use we can simply redirect output:

$ fierce --domain zonetransfer.me > output.txt

Internal networks will often have large blocks of contiguous IP space assigned. We can scan those as well:

$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24

Check out --help for further information:

$ fierce --help

Developing

First, install development packages:

$ python -m pip install -r requirements.txt
$ python -m pip install -r requirements-dev.txt
$ python -m pip install -e .

Testing

$ pytest

Linting

$ flake8

Coverage

$ pytest --cov

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 1,072

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (5) 🔗