This script is designed for automated subdomain enumeration, combining multiple reconnaissance tools to help cybersecurity professionals, penetration testers, and bug bounty hunters uncover valuable subdomains. It provides a comprehensive and efficient workflow, generating a consolidated list of subdomains from various sources. With the use of tools like subfinder
, assetfinder
, sublist3r
, crt.sh
, shosubgo
, and asnmap
, this script saves time and effort by aggregating results in one file.
- Multi-Tool Integration: Uses popular subdomain enumeration tools for a wide-reaching scan.
- Streamlined Output: Merges and de-duplicates results into a single file.
- Easy to Extend: Designed as a base model, it is primed for future development with new tools and features.
- Built for Automation: Fully automated execution with minimal user input.
subfinder
– Quickly discovers subdomains using passive sources.assetfinder
– Finds subdomains related to the given domain.sublist3r
– Searches across multiple search engines for subdomains.crt.sh
– Retrieves subdomains from SSL certificate transparency logs.shosubgo
– Queries Shodan API for additional subdomain information.asnmap
– Provides subdomain enumeration based on ASN data.tlsx
– Helps with TLS information extraction during ASN mapping.
Before running the script, ensure that the following tools are installed and available in your system's $PATH
:
subfinder
assetfinder
sublist3r
curl
jq
asnmap
tlsx
shosubgo
(set the correct path to your executable)
- Clone this repository:
git clone https://github.com/Saitle/V1enum.git cd V1enum
- Make the script executable
chmod +x v2enum.sh
- Fire up!!!
./v2enum.sh -d <domain>
💡 Pro Tip: Before you hit that 'Enter' key, make sure to edit the script and add your Shodan API key in place of <shodan_api_key
. Don't worry, I won’t tell anyone if you forget to do it the first time. 😉