🇷🇴 cristi

@CristiVlad25

8 Tweets Jan 01, 2023
How I do subdomain enumeration by aggregating multiple tools in a bash script. The script contains the following tools:
(thread)
1. findomain @FindomainApp
- takes: -t $1 and adds the findings to a new file
2. assetfinder @TomNomNom
- takes: $1, looks for -subs-only, sorts unique, and appends to the above file
3. subfinder @pdiscoveryio
- with private keys to different APIs
- takes: -d $1, works silently, appends to the file
4. Afterwards, multiple cleaning steps, sorting for alive, and output to a final clean file.
5. I've experimented with adding other tools to the script, but I find that this small combo is often more than enough.
6. PRO tip: I run this at multiple levels of depth.
You can reverse-engineer my entire script based on the above points.
7. I might post similar stuff in the future, so stay tuned here and on my newsletter at: cristivlad.substack.com
Like, retweet, and follow me for more posts like this.
#infosec #pentesting #cybersecurity #appsec #recon #bugbounty
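
One way the pipeline in points 1 to 4 could look, as an added example that is not the author's script. The tool flags are the ones named in the thread; the function names, output file names, cleaning rules and the `getent` DNS lookup standing in for the unnamed "alive" step are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the author's script: merge passive subdomain sources for one domain.
# Usage: ./subs.sh example.com   (script and output file names are assumptions)

# collect DOMAIN: run whichever of the three tools is installed; raw output goes to stdout.
collect() {
  local d=$1
  command -v findomain   >/dev/null 2>&1 && findomain -t "$d" 2>/dev/null
  command -v assetfinder >/dev/null 2>&1 && assetfinder -subs-only "$d" 2>/dev/null
  # subfinder picks up its API keys from its own configuration, not from this script
  command -v subfinder   >/dev/null 2>&1 && subfinder -d "$d" -silent 2>/dev/null
  return 0
}

# clean_subs APEX: read raw lines on stdin, print unique hostnames at or under APEX.
# Lowercases, strips CRs, whitespace, scheme, path/port, leading "*." and trailing dot,
# then drops banner lines and look-alike names such as evilexample.com.
clean_subs() {
  local apex esc
  apex=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  esc=$(printf '%s' "$apex" | sed 's/\./\\./g')   # escape dots for the regex below
  tr '[:upper:]' '[:lower:]' \
    | tr -d '\r' \
    | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//; s#^[a-z]+://##; s#[/:].*$##; s/^\*\.//; s/\.$//' \
    | grep -E "^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)*${esc}\$" \
    | LC_ALL=C sort -u
}

# only_resolving: keep names that currently resolve in DNS.
# Assumption: the thread does not say how "alive" is checked; getent (glibc) is a stand-in.
only_resolving() {
  local host
  while IFS= read -r host; do
    getent hosts "$host" >/dev/null 2>&1 && printf '%s\n' "$host"
  done
  return 0
}

# Runs only when a domain is given, so the functions can be sourced and tested offline.
if [ "$#" -ge 1 ]; then
  collect "$1" | clean_subs "$1" | tee "$1.all.txt" | only_resolving > "$1.alive.txt"
  wc -l "$1.all.txt" "$1.alive.txt"
fi
```

The scope filter in `clean_subs` is what keeps third-party hostnames returned by the sources out of the final list.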
