Brute force DNS records using shuffleDNS + BBRF + Axiom
1. Get all domains from all BBRF programs
bbrf domains --all --show-disabled > alldomains.bbrf.txt
wc -l
6,113,435 alldomains.bbrf.txt
1. Get all domains from all BBRF programs
bbrf domains --all --show-disabled > alldomains.bbrf.txt
wc -l
6,113,435 alldomains.bbrf.txt
2. Create a new list with subdomains and domains of every program (TLD included) [removing duplicated]
cat alldomains.bbrf.txt |tr '\.' '\n'|sort -u > wordlist.bruteforce.txt
wc -l
4,588,685 wordlist.bruteforce.txt
cat alldomains.bbrf.txt |tr '\.' '\n'|sort -u > wordlist.bruteforce.txt
wc -l
4,588,685 wordlist.bruteforce.txt
3. Build a good list of DNS resolvers.
github.com (watched a video made by @codingo_ about this topic/issue)
github.com (watched a video made by @codingo_ about this topic/issue)
4. Use axiom + shuffledns
axiom-scan domains-shufflends.txt -m shuffledns -wL wordlist.bruteforce.txt -r /home/op/resolvers.txt -o output-shufflendns.txt
axiom-scan domains-shufflends.txt -m shuffledns -wL wordlist.bruteforce.txt -r /home/op/resolvers.txt -o output-shufflendns.txt
5. Add the new domains to BBRF
cat output-shufflendns.txt | bbrf domain add - -p@INFER --show-new
cat output-shufflendns.txt | bbrf domain add - -p@INFER --show-new
6. Add URLs to BBRF (checking HTTP(S) protocol running on domains)
cat output-shufflendns.txt| httpx | bbrf url add - -p@INFER --show-new
#bugbounty #bugbountytip #axiom #shuffledns
cat output-shufflendns.txt| httpx | bbrf url add - -p@INFER --show-new
#bugbounty #bugbountytip #axiom #shuffledns
Loading suggestions...