Domained - Multi Tool Subdomain Enumeration
<blockquote data-quote="Geniu" data-source="post: 310" data-attributes="member: 13">
<p>A domain name <a href="https://www.kitploit.com/search/label/Enumeration" target="_blank">enumeration</a> tool</p>
<p>The tools contained in domained require Kali Linux (preferred) or Debian 7+ and Recon-ng</p>
<p>domained uses several <a href="https://www.kitploit.com/search/label/Subdomain%20Enumeration" target="_blank">subdomain enumeration</a> tools and wordlists to create a unique list of subdomains that are passed to <a href="https://www.kitploit.com/search/label/EyeWitness" target="_blank">EyeWitness</a> for reporting with categorized screenshots, server response headers and signature based default credential checking. <em>(resources are saved to ./bin and output is saved to ./output)</em></p>
<p>Initial Install:</p>
<ul>
<li data-xf-list-type="ul">domained tools: python3 domained.py --install</li>
<li data-xf-list-type="ul">Python required modules: sudo pip install -r ./ext/requirements.txt</li>
</ul>
<p>Other Dependencies:</p>
<ul>
<li data-xf-list-type="ul"><a href="https://www.nlnetlabs.nl/documentation/ldns/" target="_blank">ldns</a> library for DNS programming:<ul>
<li data-xf-list-type="ul">sudo apt-get install libldns-dev -y</li>
</ul></li>
<li data-xf-list-type="ul"><a href="https://golang.org/" target="_blank">Go</a> Programming Language:<ul>
<li data-xf-list-type="ul">sudo apt-get install golang</li>
</ul></li>
</ul>
<p><em>NOTE: This is an active recon – only perform on applications that you have permission to test against.</em></p>
<p>Tools leveraged:</p>
<p>Subdomain Enumeration Tools:</p>
<ol>
<li data-xf-list-type="ol"><a href="https://github.com/aboul3la/Sublist3r" target="_blank">Sublist3r</a> by Ahmed Aboul-Ela</li>
<li data-xf-list-type="ol"><a href="https://github.com/jhaddix/domain" target="_blank">enumall</a> by Jason Haddix</li>
<li data-xf-list-type="ol"><a href="https://github.com/guelfoweb/knock" target="_blank">Knock</a> by Gianni Amato</li>
<li data-xf-list-type="ol"><a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute</a> by TheRook</li>
<li data-xf-list-type="ol"><a href="https://github.com/blechschmidt/massdns" target="_blank">massdns</a> by B. Blechschmidt</li>
<li data-xf-list-type="ol"><a href="https://bitbucket.org/LaNMaSteR53/recon-ng" target="_blank">Recon-ng</a> by Tim Tomes (LaNMaSteR53)</li>
<li data-xf-list-type="ol"><a href="https://github.com/OWASP/Amass" target="_blank">Amass</a> by Jeff Foley (caffix)</li>
<li data-xf-list-type="ol"><a href="https://github.com/subfinder/subfinder" target="_blank">SubFinder</a> by Ice3man543</li>
</ol>
<p>Reporting + Wordlists:</p>
<ul>
<li data-xf-list-type="ul"><a href="https://github.com/FortyNorthSecurity/EyeWitness" target="_blank">EyeWitness</a> by ChrisTruncer</li>
<li data-xf-list-type="ul"><a href="https://github.com/danielmiessler/SecLists" target="_blank">SecList</a> (DNS Recon List) by Daniel Miessler</li>
<li data-xf-list-type="ul"><a href="https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056" target="_blank">LevelUp All.txt Subdomain List</a> by Jason Haddix</li>
</ul>
<p>Usage:</p>
<p>First Step</p>
<p>Install Required Python Modules: sudo pip install -r ./ext/requirements.txt</p>
<p>Install Tools: sudo python3 domained.py --install</p>
<p>Example 1: python3 domained.py -d example.com</p>
<p>Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)</p>
<p>Example 2: python3 domained.py -d example.com -b -p --vpn</p>
<p>Uses subdomain example.com with seclist subdomain list <a href="https://www.kitploit.com/search/label/Bruteforcing" target="_blank">bruteforcing</a> (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN</p>
<p>Example 3: python3 domained.py -d example.com -b --bruteall</p>
<p>Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)</p>
<p>Example 4: python3 domained.py -d example.com --quick</p>
<p>Uses subdomain example.com and only Amass and SubFinder</p>
<p>Example 5: python3 domained.py -d example.com --quick --notify</p>
<p>Uses subdomain example.com, only Amass and SubFinder and notification</p>
<p>Example 6: python3 domained.py -d example.com --noeyewitness</p>
<p>Uses subdomain example.com with no EyeWitness</p>
<p>Note: --bruteall must be used with the -b flag</p>
</blockquote>
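Seen from the zone owner's side, the wordlist bruteforcing the post describes (-b, --bruteall) appears in DNS query logs as one source asking for many distinct names under the zone in a short time, most of them answered NXDOMAIN. The following is an added detection example, not part of the original post or of domained; the log line format, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log lines: '<ISO time> <source> <qname> <rcode>' (assumed format)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    labels = ["admin", "dev", "vpn", "mail", "test", "stage",
              "api", "git", "ftp", "old", "beta", "db"]
    lines = []
    for i, label in enumerate(labels):  # wordlist-style burst, mostly misses
        rcode = "NOERROR" if label in ("mail", "api") else "NXDOMAIN"
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 203.0.113.7 {label}.example.com {rcode}")
    for i in range(6):  # ordinary traffic from another source
        ts = (base + timedelta(seconds=10 * i)).isoformat()
        lines.append(f"{ts} 198.51.100.20 www.example.com NOERROR")
    lines.append(f"{base.isoformat()} 198.51.100.20 wwww.example.com NXDOMAIN")
    return lines

SAMPLE_LOG = build_sample_log()

def find_enumerators(lines, zone, window=timedelta(seconds=60), min_names=10, min_nx_ratio=0.5):
    """Flag sources querying many distinct names in `zone` within `window`, mostly NXDOMAIN."""
    suffix = "." + zone.lower().rstrip(".")
    per_source = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, source, qname, rcode = parts
        qname = qname.lower().rstrip(".")
        if qname.endswith(suffix):
            per_source[source].append((datetime.fromisoformat(ts), qname, rcode))
    flagged = {}
    for source, events in per_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            win = events[start:end + 1]
            names = {q for _, q, _ in win}
            nx = sum(1 for _, _, r in win if r == "NXDOMAIN")
            if len(names) >= min_names and nx / len(win) >= min_nx_ratio:
                flagged[source] = {"distinct_names": len(names), "nxdomain_ratio": round(nx / len(win), 2)}
                break  # report the first window that crosses both thresholds
    return flagged
```

When queries arrive through shared recursive resolvers, the flagged source is the resolver rather than the originating host, so the thresholds need tuning per log source.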