#Mind Map
Посмотреть вложение 103343
#Automated Subdomain Enumeration Tool
What is SubDomz?
SubDomz is an automation tool for finding the subdomains of the given target or targets passively. It uses multiple tools and various online search engines and services in parallel to find subdomains effectively and sort and save them in an organized way.https://github.com/0xPugal/SubDomz/tree/master
Upgrade Version
#install
Bash:
#!/bin/bash
# Installing tools
sudo apt-get install -y parallel jq python3 python3-pip unzip
pip3 install --break-system-packages shodan censys
# Installing go
wget https://go.dev/dl/go1.23.5.linux-amd64.tar.gz
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.23.5.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
go version
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
# Install tools using Go
GO111MODULE=on go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
GO111MODULE=on go install -v github.com/owasp-amass/amass/v3/...@master
GO111MODULE=on go install github.com/tomnomnom/assetfinder@latest
GO111MODULE=on go install -v github.com/projectdiscovery/chaos-client/cmd/chaos@latest
GO111MODULE=on go install -v github.com/hakluke/haktrails@latest
GO111MODULE=on go install github.com/lc/gau/v2/cmd/gau@latest
GO111MODULE=on go install github.com/gwen001/github-subdomains@latest
GO111MODULE=on go install github.com/gwen001/gitlab-subdomains@latest
GO111MODULE=on go install -v github.com/glebarez/cero@latest
GO111MODULE=on go install github.com/incogbyte/shosubgo@latest
GO111MODULE=on go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
GO111MODULE=on go install -v github.com/tomnomnom/anew@latest
GO111MODULE=on go install github.com/tomnomnom/unfurl@latest
git clone https://github.com/blechschmidt/massdns.git && cd massdns && make && sudo make install
GO111MODULE=on go install github.com/d3mondev/puredns/v2@latest
GO111MODULE=on go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
# Downloading Resolvers
git clone https://github.com/trickest/resolvers
# Downloading wordlist
wget -O best-dns-wordlist.txt https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt
# Downloading .gau.toml for gau
wget https://raw.githubusercontent.com/lc/gau/master/.gau.toml
# Installing findomain
wget https://github.com/Findomain/Findomain/releases/download/8.2.1/findomain-linux.zip && unzip findomain-linux.zip && rm findomain-linux.zip && chmod +x findomain && sudo mv findomain /usr/bin/# configuration files and API keys
Код:
# configuration files and API keys
# feed with your api keys and tokens to subfinder and amass config files for moreee subdomains
export SUBFINDER_CONFIG=~/.config/subfinder/provider-config.yaml
export AMASS_CONFIG=~/.config/amass/config.ini
export HAKTRAILS_CONFIG=~/.config/haktools/haktrails-config.yml
export GITHUB_TOKEN="TOKEN_HERE"
export GITLAB_TOKEN="TOKEN_HERE"
export SHODAN_API_KEY="API_KEY_HERE"
export CHAOS_API_KEY="API_KEY_HERE"
export VIRUSTOTAL_API_KEY="API_KEY_HERE"
export RESOLVERS="resolvers/resolvers.txt"
export WORDLISTS="best-dbs-wordlist.txt"#SubDomz.sh
Bash:
#!/bin/bash
export PATH=$PATH:/usr/local/go/bin
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
go version
sleep 1
#colours
BOLD="\e[1m"
UNDERLINE="\e[4m"
RED="\e[31m"
GREEN="\e[32m"
BLUE="\e[34"
CYAN="\e[36m"
NC="\e[0m"
VERSION="3.0"
PRG=${0##*/}
source config.txt
Usage() {
while read -r line; do
printf "%b\n" "$line"
done <<-EOF
\r# ${BOLD}${GREEN}Options:${NC}
\r -d, --domain - Domain to enumerate
\r -l, --list - List of root domains to enumerate
\r -u, --use - Specify which tools to be used (Ex: subfinder, amass, crt,...)
\r -e, --exclude - Specify which tools to be excluded (Ex: findomain, wayback, gau,...)
\r -o, --output - Output file to save final results ( Default: <target>-Date-Time.txt)
\r -s, --silent - Show only subdomains in output
\r -hp, --http-probe - probe for working http/https servers
\r -k, --keep - keep the temporary files ( output from each tools)
\r -p, --parallel - Run parallely for faster results. Doesn't Work With -e/--exclude or -u/--use.
\r -h, --help - Display this help message and exit
\r -v, --version - Display the version and exit
\r -ls, --list-sources - Display all available sources/tools
EOF
exit 1
}
ListSources() {
echo -e "${BOLD}${CYAN}Available Sources/Tools:${NC}"
echo "wayback"
echo "Subfinder"
echo "Amass"
echo "Assetfinder"
echo "Chaos"
echo "Findomain"
echo "Haktrails"
echo "Gau"
echo "Github-subdomains"
echo "Gitlab-subdomains"
echo "Cero"
echo "Shosubgo"
echo "Censys"
echo "Crtsh"
echo "JLDC-anubis"
echo "Alienvault"
echo "Subdomain-center"
echo "Certspotter"
echo "VirusTotal"
echo "Puredns"
exit 1
}
spinner() {
processing="${1}"
while true;
do
dots=( "/" "-" "\\" "|" )
for dot in ${dots[@]};
do
printf "[${dot}] ${processing} \U1F50E"
printf " \r"
sleep 0.2
done
done
}
wayback() {
[ "$silent" == True ] && curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$domain&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u | anew subenum-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${bold}WayBackMachine${end}" &
PID="$!"
}
curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$domain&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u > tmp-wayback-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$bold[*] WayBackMachine$end: $(wc -l < tmp-wayback-$domain)"
}
}
Subfinder() {
[ "$silent" == True ] && subfinder -all -silent -d $domain -pc $SUBFINDER_CONFIG 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Subfinder${NC}" &
PID="$!"
}
subfinder -all -silent -d $domain -pc $SUBFINDER_CONFIG 1> tmp-subfinder-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Subfinder$NC: $(wc -l < tmp-subfinder-$domain)"
}
}
Amass() {
[ "$silent" == True ] && amass enum -passive -norecursive -noalts -d $domain 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Amass${NC}" &
PID="$!"
}
amass enum -passive -norecursive -noalts -d $domain 1> tmp-amass-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Amass$NC: $(wc -l < tmp-amass-$domain)"
}
}
Assetfinder() {
[ "$silent" == True ] && assetfinder --subs-only $domain | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Assetfinder${NC}" &
PID="$!"
}
assetfinder --subs-only $domain > tmp-assetfinder-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Assetfinder$NC: $(wc -l < tmp-assetfinder-$domain)"
}
}
Chaos() {
[ "$silent" == True ] && chaos -silent -key dd72c086-7b4e-4841-ac38-341a38cbb1a0 -d $domain | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Chaos${NC}" &
PID="$!"
}
chaos -silent -key dd72c086-7b4e-4841-ac38-341a38cbb1a0 -d $domain > tmp-chaos-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Chaos$NC: $(wc -l < tmp-chaos-$domain)"
}
}
Findomain() {
[ "$silent" == True ] && findomain -t $domain -q | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Findomain${NC}" &
PID="$!"
}
findomain -t $domain -q > tmp-findomain-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Findomain$NC: $(wc -l tmp-findomain-$domain)"
}
}
Haktrails() {
[ "$silent" == True ] && echo "$domain" | haktrails subdomains 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Haktrails${NC}" &
PID="$!"
}
echo "$domain" | haktrails subdomains 1> tmp-haktrails-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Haktrails$NC: $(wc -l tmp-haktrails-$domain)"
}
}
Gau() {
[ "$silent" == True ] && gau --threads 10 --subs $domain | unfurl -u domains | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Gau${NC}" &
PID="$!"
}
gau --threads 10 --subs $domain | unfurl -u domains > tmp-gau-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Gau$NC: $( wc -l < tmp-gau-$domain)"
}
}
Github-subdomains() {
[ "$silent" == True ] && github-subdomains -d $domain -t $GITHUB_TOKEN -raw 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Github-Subdomains${NC}" &
PID="$!"
}
github-subdomains -d $domain -t $GITHUB_TOKEN -raw 1> tmp-github-subdomains-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Github-Subdomains$NC: $( wc -l < tmp-github-subdomains-$domain)"
}
}
Gitlab-subdomains() {
[ "$silent" == True ] && gitlab-subdomains -d $domain -t $GITLAB_TOKEN 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Gitlab-Subdomains${NC}" &
PID="$!"
}
gitlab-subdomains -d $domain -t $GITLAB_TOKEN 1> tmp-gitlab-subdomains-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Github-Subdomains$NC: $( wc -l < tmp-gitlab-subdomains-$domain)"
}
}
Cero() {
[ "$silent" == True ] && cero $domain 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Cero${NC}" &
PID="$!"
}
cero $domain 1> tmp-cero-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Cero$NC: $( wc -l < tmp-cero-$domain)"
}
}
Shosubgo() {
echo "[-]Shodan api"
[ "$silent" == True ] && shosubgo -d $domain -s $SHODAN_API_KEY 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Shosubgo${NC}" &
PID="$!"
}
shosubgo -d $domain -s $SHODAN_API_KEY 1> tmp-shosubgo-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Shosubgo$NC: $( wc -l < tmp-shosubgo-$domain)"
}
}
Censys() {
echo "[-]You do not have access to the Censys API."
return 1
[ "$silent" == True ] && censys subdomains $domain | sed 's/^[ \t]*-//; s/-//g' 2>/dev/null | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Censys${NC}" &
PID="$!"
}
censys subdomains $domain | sed 's/^[ \t]*-//; s/-//g' 1> tmp-censys-$domain 2>/dev/null
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Censys$NC: $( wc -l < tmp-censys-$domain)"
}
}
Crtsh() {
[ "$silent" == True ] && curl -sk "https://crt.sh/?q=%.$domain&output=json" | tr ',' '\n' | awk -F'"' '/name_value/ {gsub(/\*\./, "", $4); gsub(/\\n/,"\n",$4);print $4}' | grep -w "$domain\$" | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Crtsh${NC}" &
PID="$!"
}
curl -sk "https://crt.sh/?q=%.$domain&output=json" | tr ',' '\n' | awk -F'"' '/name_value/ {gsub(/\*\./, "", $4); gsub(/\\n/,"\n",$4);print $4}' | grep -w "$domain\$" | sort -u > tmp-crt-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Crtsh$NC: $( wc -l < tmp-crt-$domain)"
}
}
JLDC() {
[ "$silent" == True ] && curl -sk "https://jldc.me/anubis/subdomains/$domain" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}JLDC${NC}" &
PID="$!"
}
curl -sk "https://jldc.me/anubis/subdomains/$domain" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u > tmp-jldc-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] JLDC$NC: $( wc -l < tmp-jldc-$domain)"
}
}
Alienvault() {
[ "$silent" == True ] && curl -s "https://otx.alienvault.com/api/v1/indicators/domain/$domain/url_list?limit=1000&page=100" | grep -o '"hostname": *"[^"]*' | sed 's/"hostname": "//' | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Alienvault${NC}" &
PID="$!"
}
curl -s "https://otx.alienvault.com/api/v1/indicators/domain/$domain/url_list?limit=1000&page=100" | grep -o '"hostname": *"[^"]*' | sed 's/"hostname": "//' | sort -u > tmp-alienvault-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Alienvault$NC: $( wc -l < tmp-alienvault-$domain)"
}
}
Subdomain-center() {
[ "$silent" == True ] && curl "https://api.subdomain.center/?domain=$domain" -s | jq -r '.[]' | sort -u | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Subdomain center${NC}" &
PID="$!"
}
curl "https://api.subdomain.center/?domain=$domain" -s | jq -r '.[]' | sort -u > tmp-subdomaincenter-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Subdomain center$NC: $( wc -l < tmp-subdomaincenter-$domain)"
}
}
Certspotter() {
[ "$silent" == True ] && curl -sk "https://api.certspotter.com/v1/issuances?domain=$domain&include_subdomains=true&expand=dns_names" | jq -r '.[].dns_names[]' | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}CertSpotter${NC}" &
PID="$!"
}
curl -sk "https://api.certspotter.com/v1/issuances?domain=$domain&include_subdomains=true&expand=dns_names" | jq -r '.[].dns_names[]' | sort -u > tmp-certspotter-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] CertSpotter$NC: $( wc -l < tmp-certspotter-$domain && echo)"
}
}
VirusTotal_v3() {
[ "$silent" == True ] && curl -s "https://www.virustotal.com/vtapi/v2/domain/report?apikey=$VIRUSTOTAL_API_KEY&domain=$domain" | jq | egrep -v "http|Alexa domain info" | grep "$domain" | sed 's/[",]//g' | sed 's/^[[:space:]]*//' | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}VirusTotal${NC}" &
PID="$!"
}
#echo "$VIRUSTOTAL_API_KEY"
curl -s "https://www.virustotal.com/api/v3/domains/$domain/subdomains?limit=1000" -H "X-Apikey: e305e03c513907696b384796434cd3051266d467851dc41381426615e623486d" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36" | jq -r '.data[].id' | sort -u > tmp-virustotal-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] VirusTotal$NC: $( wc -l < tmp-virustotal-$domain && echo)"
}
}
Puredns() {
[ "$silent" == True ] && puredns bruteforce $WORDLISTS $DOMAIN --resolvers $RESOLVERS | anew subdomz-$domain.txt || {
[[ ${PARALLEL} == True ]] || { spinner "${BOLD}Puredns${NC}" &
PID="$!"
}
puredns bruteforce best-dns-wordlist.txt $domain --resolvers resolvers/resolvers.txt --rate-limit 2000 --wildcard-batch 1000000 > tmp-puredns-$domain
[[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null
echo -e "$BOLD[*] Puredns$NC: $( wc -l < tmp-puredns-$domain && echo)"
}
}
Use() {
for i in $lu;
do
$i
done
[[ $out != False ]] && Out $out || Out
}
Exclude() {
for i in ${list[@]};
do
if [[ " ${le[@]} " =~ " ${i} " ]]; then
continue
else
$i
fi
done
[[ $out != False ]] && Out $out || Out
}
Out() {
[ "$silent" == False ] && {
[ -n "$1" ] && output="$1" || output="$domain.txt"
result=$(sort -u tmp-* | wc -l)
sort -u tmp-* >> $output
echo -e $GREEN"[+] The Final subdomains:$NC ${result}"
[ $httprobe == True ] && Alive "$output" "$domain"
[ $delete == True ] && rm tmp-*
}
}
Alive() {
[ "$silent" == False ] && printf "$BOLD[+] HTTP probing... $NC"
printf " \r"
cat $1 | httpx -silent > "alive-$2.txt"
[ "$silent" == False ] && echo -e $GREEN"[+] Alive Subdomains:$NC $(wc -l < alive-$2.txt)"
}
List() {
lines=$(wc -l < $hosts)
count=1
while read domain; do
[ "$silent" == False ] && echo -e "\n${UNDERLINE}${BOLD}${CYAN}[+] Domain ($count/$lines):${NC} ${domain}"
[ $prv == "a" ] && {
[[ ${PARALLEL} == True ]] && {
spinner "Enumerating" &
PID="$!"
export -f Subfinder Amass Assetfinder Chaos Findomain Haktrails Gau Github-subdomains Gitlab-subdomains Cero Shosubgo Censys Crtsh JLDC Alienvault Subdomain-center Certspotter VirusTotal Puredns spinner
export domain silent BOLD NC
parallel -j18 ::: Subfinder Amass Assetfinder Chaos Findomain Haktrails Gau Github-subdomains Gitlab-subdomains Cero Shosubgo Censys Crtsh JLDC Alienvault Subdomain-center Certspotter VirusTotal_v3 Puredns
kill ${PID}
[[ $out != False ]] && Out $out || Out
} || {
wayback
Subfinder
Amass
Assetfinder
Chaos
Findomain
Haktrails
Gau
Github-subdomains
Gitlab-subdomains
Cero
Shosubgo
Censys
Crtsh
JLDC
Alienvault
Subdomain-center
Certspotter
VirusTotal_v3
Puredns
[[ $out != False ]] && Out $out || Out
}
}
[ $prv == "e" ] && Exclude
[ $prv == "u" ] && Use
let count+=1
done < $hosts
}
Main() {
[ $domain == False ] && [ $hosts == False ]
[ $use != False ] && [ $exclude != False ] && { echo -e $UNDERLINE$RED"[!] You can use only one option: -e/--exclude or -u/--use"$NC; Usage; }
[ $domain != False ] && {
[ $use == False ] && [ $exclude == False ] && {
[[ ${PARALLEL} == True ]] && {
spinner "Enumerating" &
PID="$!"
export -f wayback Subfinder Amass Assetfinder Chaos Findomain Haktrails Gau Github-subdomains Gitlab-subdomains Cero Shosubgo Censys Crtsh JLDC Alienvault Subdomain-center Certspotter VirusTotal Puredns spinner
export domain silent BOLD NC
parallel -j18 ::: wayback Subfinder Amass Assetfinder Chaos Findomain Haktrails Gau Github-subdomains Gitlab-subdomains Cero Shosubgo Censys Crtsh JLDC Alienvault Subdomain-center Certspotter VirusTotal_v3 Puredns
kill ${PID}
} || {
wayback
Subfinder
Amass
Assetfinder
Chaos
Findomain
Haktrails
Gau
Cero
Shosubgo
Censys
Crtsh
JLDC
Alienvault
Subdomain-center
Certspotter
VirusTotal_v3
Puredns
}
[ $out == False ] && Out || Out $out
} || {
[ $use != False ] && Use
[ $exclude != False ] && Exclude
}
}
[ "$hosts" != False ] && {
[ $use != False ] && prv=u
[ $exclude != False ] && prv=e
[ $use == False ] && [ $exclude == False ] && prv=a
List
}
}
domain=False
hosts=False
use=False
exclude=False
silent=False
delete=True
out=False
httprobe=False
PARALLEL=False
list=(
)
while [ -n "$1" ]; do
case $1 in
-d|--domain)
domain=$2
shift ;;
-l|--list)
hosts=$2
shift ;;
-u|--use)
use=$2
lu=${use//,/ }
for i in $lu; do
if [[ ! " ${list[@]} " =~ " ${i} " ]]; then
echo -e $RED$UNDERLINE"[-] Unknown Function: $i"$NC
Usage
fi
done
shift ;;
-e|--exclude)
exclude=$2
le=${exclude//,/ }
for i in $le; do
if [[ ! " ${list[@]} " =~ " ${i} " ]]; then
echo -e $RED$UNDERLINE"[-] Unknown Function: $i"$NC
Usage
fi
done
shift ;;
-o|--output)
out=$2
shift ;;
-s|--silent)
silent=True ;;
-k|--keep)
delete=False ;;
-hp|--http-probe)
httprobe=True ;;
-h|--help)
Usage;;
-p|--parallel)
PARALLEL=True ;;
-v|--version)
echo -e "${BOLD} SubDomz $VERSION $NC"
exit 0 ;;
-ls|--list-sources)
ListSources
;;
*)
echo "[-] Unknown Option: $1"
Usage ;;
esac
shift
done
[ "$silent" == False ] && echo -e $CYAN"""
Subdomain Enumeration Tool
"""$NC
clear
Main#Subdomain in Subdomains
./Puredns_to_Puredns.sh xss.pro.txt
Bash:
#!/bin/bash
# Check if the user provided a file argument
if [ -z "$1" ]; then
echo "Usage: $0 <domains_file>"
exit 1
fi
# The input file containing the domains (passed as a command-line argument)
input_file="$1"
# Loop through each line (domain) in the file
while IFS= read -r domain
do
# Run PureDNS for each domain
puredns bruteforce 2m-subdomains.txt "$domain" --resolvers resolvers/resolvers.txt>> "tmp-puredns2puredns.txt"
done < "$input_file"
Последнее редактирование модератором: