subdomains.sh – A Wrapper Around Tools I Use for Subdomain Enumeration on a Given Domain, Written to Automate the Workflow

subdomains.sh

subdomains.sh is a wrapper around the tools I use for subdomain enumeration on a given domain, written to automate the workflow.

Usage

To display this script’s help message, use the -h flag:

subdomains.sh -h

           _         _                       _                 _
 ___ _   _| |__   __| | ___  _ __ ___   __ _(_)_ __  ___   ___| |__
/ __| | | | '_ \ / _` |/ _ \| '_ ` _ \ / _` | | '_ \/ __| / __| '_ \
\__ \ |_| | |_) | (_| | (_) | | | | | | (_| | | | | \__ \_\__ \ | | |
|___/\__,_|_.__/ \__,_|\___/|_| |_| |_|\__,_|_|_| |_|___(_)___/_| |_| v1.0.0

USAGE:
   subdomains.sh [OPTIONS]

OPTIONS:
    -d, --domain                          domain to gather subdomains for *
        --use-passive-source              comma(,) separated tools to use
        --exclude-passive-source          comma(,) separated tools to exclude
        --skip-semi-active                skip semi active techniques
    -r, --resolvers                       list of DNS resolvers *
        --skip-dictionary                 skip dictionary brute forcing
   -dW, --dictionary-wordlist             wordlist for dictionary brute forcing
        --skip-permutation                skip permutation brute forcing
   -pW, --permutation-wordlist            wordlist for permutation brute forcing
        --skip-dns-records                skip discovery from DNS records
        --skip-reverse-dns                skip discovery from reverse DNS lookup
        --skip-active                     skip active techniques
    -o, --output                          output text file
        --setup                           install/update this script & dependencies
    -h, --help                            display this help message and exit

NOTE: options marked with asterik(*) are required.

HAPPY HACKING :)

Installation

Run the installation script:

Credits

Credit goes to the authors of the various tools I used in this script:

  • @OWASP for amass
  • @hakluke for hakrevdns
  • @d3mondev for puredns
  • @tomnomnom for anew
  • @Edu4rdSHL for findomain
  • @signedsecurity for sigsubfind3r
  • @projectdiscovery for subfinder & httpx

Contribution

Issues and Pull Requests are welcome!
