m8r0wn / Subscraper

Licence: gpl-3.0
Subdomain enumeration through various techniques

SubScraper

SubScraper is a subdomain enumeration tool that uses a variety of techniques to find potential subdomains of a given target. This is especially helpful during penetration testing or bug bounty hunting to uncover additional attack surfaces. Depending on the command-line arguments used, SubScraper can perform DNS lookups and HTTP/S requests during the enumeration process to help prioritize targets and aid in potential next steps.

Key Features

  • Modular design makes it easy to add new techniques/sources.
  • Various levels of enumeration for additional data gathering.
  • Accepts multiple target inputs, or reads targets from a text file.
  • Multi-threaded for additional speed.

Enumeration Techniques

  • DNS brute-force with built-in or custom wordlist
  • Censys.io (API Key required https://censys.io/register)
  • Archive.org (Wayback Machine)
  • Google & Bing web scraping
  • DNS Dumpster
  • DNSBufferOverRun
  • ThreatCrowd
  • CRT.SH

Install

git clone https://github.com/m8r0wn/subscraper
cd subscraper
python3 setup.py install

Usage

Subdomain Enumeration

  • The most basic usage of SubScraper uses brute-force and web scraping techniques to find all available subdomains of the given target(s). Once complete, a "subscraper_report.txt" file is created in the current directory, listing all subdomains discovered:
    subscraper example.com
  • By changing the level of enumeration (1-3), users can increase the data displayed for each subdomain:
    • 1 - Show all enumerated subdomains (Default & Fastest)
    • 2 - Use DNS to determine whether each subdomain is active and display only live hosts
    • 3 - Perform live check and get HTTP/S response code for each subdomain
    subscraper --enum 2 example.com
    subscraper -e 3 example.com

Subdomain Takeover

Once the output report is complete, users can check for subdomain takeover opportunities using the following command. This will perform CNAME lookups on all potential targets and display the results:

subscraper --takeover subscraper_report.txt
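
For teams auditing their own zone, the following added example (not SubScraper's code) shows how CNAME results for a list of hostnames can be triaged into records that still resolve and records whose target no longer does, so stale entries can be removed from DNS. It goes beyond what the page describes, which only says the CNAME results are displayed. Assumptions: the report holds one hostname per line, the `cname_of` and `resolves` lookups are hypothetical callables you would back with your own DNS library, and all sample records are constructed.

```python
from typing import Callable, List, Optional, Tuple

MAX_CHAIN = 8  # stop following CNAMEs after this many hops (loop guard)

def load_report(text: str) -> List[str]:
    """Parse a report (assumed: one hostname per line); drop blanks, comments, duplicates."""
    seen, hosts = set(), []
    for line in text.splitlines():
        host = line.strip().rstrip(".").lower()
        if host and not host.startswith("#") and host not in seen:
            seen.add(host)
            hosts.append(host)
    return hosts

def follow_cname(host: str, cname_of: Callable[[str], Optional[str]]) -> List[str]:
    """Return the chain of CNAME targets for `host` (empty if it has no CNAME)."""
    chain, current = [], host
    while len(chain) < MAX_CHAIN:
        target = cname_of(current)
        if not target or target == host or target in chain:
            break  # end of chain, or a loop back to a name already seen
        chain.append(target)
        current = target
    return chain

def audit(hosts, cname_of, resolves, own_domain) -> List[Tuple[str, str, str]]:
    """Return (host, final_target, status) for every host that has a CNAME."""
    findings = []
    for host in hosts:
        chain = follow_cname(host, cname_of)
        if not chain:
            continue  # plain A/AAAA record or no record: nothing to triage here
        final = chain[-1]
        internal = final == own_domain or final.endswith("." + own_domain)
        scope = "internal" if internal else "external"
        status = scope if resolves(final) else "dangling-" + scope
        findings.append((host, final, status))
    return findings

# Constructed sample data (not real DNS records).
REPORT = "www.example.com\nshop.example.com\nold.example.com\n\nSHOP.example.com\n"
CNAMES = {"www.example.com": "web.example.com",
          "shop.example.com": "stores.saas-vendor.test",
          "old.example.com": "legacy-app.paas-vendor.test"}
LIVE = {"web.example.com", "stores.saas-vendor.test"}

if __name__ == "__main__":
    for row in audit(load_report(REPORT), CNAMES.get, LIVE.__contains__, "example.com"):
        print(*row, sep="\t")
```

Records reported as `dangling-external` are the ones to review first: the CNAME still exists in your zone but the third-party target it names no longer resolves.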

All Options

SubScraper Options:
  -T MAX_THREADS       Max threads
  -t TIMEOUT           Timeout [seconds] for search threads (Default: 25)
  -o REPORT            Output to specific file
  target               Target domain (Positional)

Enumeration Options:
  -s                   Only use scraping techniques
  -b                   Only use DNS brute force
  -w SUBLIST           Custom subdomain wordlist
  -e LVL, --enum LVL   Enumeration Level:
                       1: Subdomain Only (Default)
                       2: Live subdomains, verified by DNS
                       3: Live check & get HTTP/S response codes

Enumeration Advanced:
  --censys-api API     Censys.io API Key
  --censys-secret KEY  Censys.io Secret

Subdomain TakeOver:
  --takeover           Perform takeover check on list of subs