Subdomain Enumerator is a simple automation of the subdomain recon process which utilizes output from multiple tools to gather a list of subdomains for a TLD. It aims to reduce the effort of:
- Running multiple tools
- Merging outputs
- Sanitization
The tool might be a bit rusty as this is my first such attempt but it does the work.
The tool performs subdomain enumeration in the following steps:
- Perform wildcard configuration check for the domain
- Run Amass
- Query SSL repositories
- Create a wordlist for DNS bruteforcing
- Perform DNS bruteforcing using MassDNS
- Merge the results
- Perform sanitization
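The merge and sanitization steps above, sketched as an added example (this is not the tool's own code; the names normalize, MergeAndSanitize and hostRE are hypothetical, and the sample tool outputs are constructed). It normalizes case, trailing dots and certificate wildcard prefixes, drops malformed and out-of-scope names, then de-duplicates and sorts:

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// hostRE accepts dot-separated labels of letters, digits, '-' and '_' (max 63 chars each).
var hostRE = regexp.MustCompile(`^([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$`)

// normalize canonicalizes one raw output line; "" means malformed or out of scope.
func normalize(raw, domain string) string {
	// Lowercase, then drop the FQDN trailing dot and the "*." seen in certificate names.
	h := strings.TrimPrefix(strings.TrimSuffix(strings.ToLower(strings.TrimSpace(raw)), "."), "*.")
	// The "."+domain suffix test keeps look-alikes such as notexample.com out.
	if len(h) > 253 || !hostRE.MatchString(h) || (h != domain && !strings.HasSuffix(h, "."+domain)) {
		return ""
	}
	return h
}

// MergeAndSanitize merges per-tool result lists into one sorted, de-duplicated list.
func MergeAndSanitize(domain string, sources ...[]string) []string {
	domain = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(domain), "."))
	seen, out := map[string]bool{}, []string{}
	for _, src := range sources {
		for _, raw := range src {
			if h := normalize(raw, domain); h != "" && !seen[h] {
				seen[h] = true
				out = append(out, h)
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample outputs standing in for passive, certificate and brute-force results.
	passive := []string{"www.example.com", "API.example.com", "mail.example.com."}
	certs := []string{"*.example.com", "*.dev.example.com", "cdn.example.net", "www.example.com"}
	brute := []string{" api.example.com ", "notexample.com", "bad host.example.com", ""}
	for _, h := range MergeAndSanitize("example.com", passive, certs, brute) {
		fmt.Println(h)
	}
}
```

Filtering on the domain suffix before anything else touches the list keeps later steps limited to hosts inside the intended scope.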
The script is written in Go, so it can easily be cross-compiled for other environments.
Clone the repository using git clone. Then run ./install.sh, which will install the dependencies for the tool.
Note: You need to be root to install the dependencies using install.sh
Ensure that the script is run from the same directory from which install.sh is run.
Usage: go run SubdomainENumerator.go -domain [domain_to_be_enumerated]
  -domain string
      Domain to be enumerated for subdomains e.g. yahoo.com
  -h --help
      Shows help
Thanks to Noobhax for the recon process which sets the base for this script.