nsonaniya2010 / Subdomainizer

Licence: mit
A tool to find subdomains and other interesting things hidden inside a page, its external JavaScript files, a folder, and GitHub.

Projects that are alternatives of or similar to Subdomainizer

Gitgraber
gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...
Stars: ✭ 1,164 (+27.21%)
Mutual labels:  security-tools, security-automation, bugbounty
Security Tools
Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.
Stars: ✭ 509 (-44.37%)
Mutual labels:  security-tools, bugbounty, bug-bounty
Git Hound
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (-34.21%)
Mutual labels:  security-tools, secrets, bug-bounty
Bbr
An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
Stars: ✭ 142 (-84.48%)
Mutual labels:  security-tools, bugbounty, bug-bounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Stars: ✭ 190 (-79.23%)
Mutual labels:  security-tools, bugbounty, bug-bounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-84.48%)
Mutual labels:  bug-bounty, bugbounty, subdomain-scanner
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+275.85%)
Mutual labels:  security-tools, bug-bounty, bugbounty
Bucket-Flaws
Bucket Flaws ( S3 Bucket Mass Scanner ): A Simple Lightweight Script to Check for Common S3 Bucket Misconfigurations
Stars: ✭ 43 (-95.3%)
Mutual labels:  s3-bucket, bug-bounty, bugbounty
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (-43.5%)
Mutual labels:  security-tools, security-automation
Monkey
Infection Monkey - An automated pentest tool
Stars: ✭ 5,572 (+508.96%)
Mutual labels:  security-tools, security-automation
Secretscanner
Find secrets and passwords in container images and file systems
Stars: ✭ 895 (-2.19%)
Mutual labels:  security-tools, secrets
Swiftnessx
A cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (-26.45%)
Mutual labels:  security-tools, bug-bounty
Gosec
Golang security checker
Stars: ✭ 5,694 (+522.3%)
Mutual labels:  security-tools, security-automation
Burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (-53.33%)
Mutual labels:  security-tools, security-automation
Awesome Oneliner Bugbounty
A collection of awesome one-liner scripts especially for bug bounty tips.
Stars: ✭ 594 (-35.08%)
Mutual labels:  bugbounty, bug-bounty
Whaler
Program to reverse Docker images into Dockerfiles
Stars: ✭ 670 (-26.78%)
Mutual labels:  security-tools, secrets
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-53.33%)
Mutual labels:  security-tools, bugbounty
Subover
A Powerful Subdomain Takeover Tool
Stars: ✭ 607 (-33.66%)
Mutual labels:  bugbounty, bug-bounty
Stacoan
StaCoAn is a crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications.
Stars: ✭ 707 (-22.73%)
Mutual labels:  security-tools, bugbounty
Hardening
Hardening Ubuntu. Systemd edition.
Stars: ✭ 705 (-22.95%)
Mutual labels:  security-tools, security-automation

SubDomainizer

SubDomainizer is a tool designed to find hidden subdomains and secrets present in a webpage, on GitHub, and in the external JavaScript files referenced by the given URL. It also finds S3 buckets, CloudFront URLs and more in those JS files. These can be interesting, for example when an S3 bucket is open to read/write or a subdomain is open to takeover, and similarly for CloudFront. It can also scan inside a given folder that contains your files.

Cloud Storage Services Supported:

SubDomainizer can find URLs for the following cloud storage services:

1. Amazon AWS services (CloudFront and S3 buckets)
2. DigitalOcean Spaces
3. Microsoft Azure
4. Google Cloud Services
5. Dreamhost
6. RackCDN

Secret Key Searching (beta):

SubDomainizer also finds secrets present in the content of the page and its JavaScript files. Secret detection depends on some specific keywords and the Shannon entropy formula. Some of the secrets reported by the tool may be false positives. Secret key searching is in beta, and later versions might have increased accuracy for search results.
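
The keyword-plus-entropy idea described above, as an added example for auditing your own JavaScript before it ships (this is not SubDomainizer's code). The keyword list, the 3.5 bits/char threshold, the assignment regex and the sample JavaScript are all assumptions made for illustration; the sample shows one true hit, one false positive and one low-entropy value that the entropy test lets through.

```python
import math
import re
from collections import Counter

# Assumed values: the page does not state SubDomainizer's keywords or threshold.
KEYWORDS = ("apikey", "api_key", "secret", "token", "password")
ENTROPY_THRESHOLD = 3.5  # bits per character

# Matches  name = "value"  or  name: 'value'  with a value of 8+ characters.
ASSIGNMENT = re.compile(
    r"""([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*["']([^"']{8,})["']"""
)

def shannon_entropy(s):
    """H = -sum(p_i * log2(p_i)) over the character frequencies of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())

def find_candidate_secrets(text, source="<inline>"):
    """Report where keyword-named, high-entropy string literals occur.

    The value itself is deliberately left out of the report so that the
    findings can be logged or shared without copying the secret around.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, value in ASSIGNMENT.findall(line):
            if not any(k in name.lower() for k in KEYWORDS):
                continue  # keyword gate: name does not look secret-related
            h = shannon_entropy(value)
            if h >= ENTROPY_THRESHOLD:  # entropy gate: value looks random
                findings.append({"source": source, "line": lineno,
                                 "name": name, "entropy": round(h, 2)})
    return findings

# Constructed sample input, not taken from any real site.
SAMPLE_JS = '''
var apiKey = "Zx9qL2mT7vR4pK8wN1bY6cD3";
var password = "aaaaaaaaaaaa";
var bannerText = "Welcome to the example shop";
var csrfTokenFieldId = "csrf-token-input-field-01";
const config = { auth_token: "changemechangeme" };
'''

if __name__ == "__main__":
    for f in find_candidate_secrets(SAMPLE_JS, "sample.js"):
        print(f)
```

Here `csrfTokenFieldId` is reported although it is only a DOM id (a false positive), while `auth_token` is skipped because its value scores 2.75 bits/char, so results of this kind of scan need manual review in both directions.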

Installation Steps

  1. Clone SubDomainizer from git:
       git clone https://github.com/nsonaniya2010/SubDomainizer.git
  2. Change the directory:
       cd SubDomainizer
  3. Install the requirements:
       pip3 install -r requirements.txt
  4. Enjoy the tool.

Update to latest version:

Use the following command to update to the latest version:

git pull

Usage

Short Form   Long Form            Description
-u           --url                URL in which you want to find (sub)domains.
-l           --listfile           File containing the list of URLs to be scanned.
-o           --output             Output file name in which to save the results.
-c           --cookie             Cookies to be sent with the request.
-h           --help               Show the help message and exit.
-cop         --cloudop            File name in which to store the cloud services results.
-d           --domain             TLD (e.g. for www.example.com you have to give example.com) to find subdomains for.
-g           --gitscan            Needed if you want to get results via GitHub too.
-gt          --gittoken           GitHub API token, needed for the GitHub scan (-g is also needed).
-k           --nossl              Use this to bypass verification of the SSL certificate.
-f           --folder             Root folder which contains the files/folders.
-san         --subject_alt_name   Find Subject Alternative Names for all found subdomains. Options: 'all', 'same'.

SAN options description:

  • all - This option will find all domains and subdomains.
  • same - This will only find subdomains for specific subdomains.

Examples

  • To list help about the tool:
      python3 SubDomainizer.py -h
  • To find subdomains, S3 buckets, and CloudFront URLs for a given single URL:
      python3 SubDomainizer.py -u http://www.example.com
  • To find subdomains from a given list of URLs (file given):
      python3 SubDomainizer.py -l list.txt
  • To save the results in a file (output.txt):
      python3 SubDomainizer.py -u https://www.example.com -o output.txt
  • To give cookies:
      python3 SubDomainizer.py -u https://www.example.com -c "test=1; test=2"
  • To scan via GitHub:
      python3 SubDomainizer.py -u https://www.example.com -o output.txt -gt <github_token> -g
  • No SSL certificate verification:
      python3 SubDomainizer.py -u https://www.example.com -o output.txt -gt <github_token> -g -k
  • Folder scanning:
      python3 SubDomainizer.py -f /path/to/root/folder/having/files/and/folders/ -d example.com -gt <github_token> -g -k
  • Subject Alternative Names:
      python3 SubDomainizer.py -u https://www.example.com -san all

Difference in results (with cookies and without cookies on facebook.com):

[Screenshots: results before and after using facebook cookies in SubDomainizer]

Changes:

In the latest version (2.0) the following important features were added:

  1. Find Subject Alternative Names for the found subdomains.
  2. Added where the secrets were found.

License

This tool is licensed under the MIT license. Take a look at the LICENSE file for more information.
