Skip to content

This bash script automates reconnaissance for bug bounty hunting. It performs subdomain enumeration, port scanning, and directory enumeration for target domains, generating human-readable reports. It's interactive, using Amass for subdomain enumeration and nmap for port scanning. Designed to improve efficiency and reduce manual effort.

License

Notifications You must be signed in to change notification settings

SKHTW/Domain-Scanner-Script

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 

Repository files navigation

README

This tool is beneficial for automating recon in bug bounties because it helps to streamline the process of gathering information about a target domain. By automating tasks such as subdomain enumeration, port scanning, and directory enumeration, the tool frees up time for security researchers to focus on more critical tasks such as analyzing vulnerabilities and developing exploits.

Additionally, this tool can now perform scans using Assetfinder, Subfinder, Dnsgen, Massdns, Httprobe, and Aquatone. These scans can help to identify potential attack vectors that might have been missed during manual testing and increase the efficiency of bug bounty hunters.

Overall, this tool can be a valuable addition to the arsenal of any bug bounty hunter looking to improve their efficiency and increase their chances of uncovering vulnerabilities.

Dependencies

The following tools are required to run the script:

Amass

Nmap

cURL

Assetfinder

Subfinder

Dnsgen

Massdns

Httprobe

Aquatone

Usage

Clone the repository to your local machine using the following command:

git clone https://github.com/SKHTW/Domain-Scanner-Script.git

Change to the cloned directory:

cd Domain-Scanner-Script

Run the requirements.sh script to install the required dependencies:

sudo bash requirements.sh

Change the permission of the domain-scanner.sh script:

chmod +x domain-scanner.sh

Run the domain-scanner.sh script:

./domain-scanner.sh

Follow the prompts to enter the target domain(s) and select which scans to perform. You can enter a single domain or a list of domains separated by spaces. The results of each scan will be saved to a separate file in the reports directory. The file names will include the name of the scan type and the target domain. For example, the subdomain enumeration report for example.com would be saved to reports/example.com_subdomains.txt.

Notice:

Depending on the size and complexity of the website you're scanning, the tool can take some time to complete all of the scans. Please be patient and allow the tool to finish before moving on to your next target. Also, keep in mind that some domains may not have subdomains or open ports, so don't be alarmed if the results are not as extensive as you were hoping for. Happy hunting!

License:

This project is licensed under the terms of the MIT license. See the LICENSE file for details.

About

This bash script automates reconnaissance for bug bounty hunting. It performs subdomain enumeration, port scanning, and directory enumeration for target domains, generating human-readable reports. It's interactive, using Amass for subdomain enumeration and nmap for port scanning. Designed to improve efficiency and reduce manual effort.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages