{"id":13292259,"url":"https://github.com/0xAkashsky/sub-scout","last_synced_at":"2025-03-10T07:32:52.936Z","repository":{"id":174226736,"uuid":"584767030","full_name":"0xAkashsky/sub-scout","owner":"0xAkashsky","description":"Simple bash Script to automate initial recon using (httpx, puredns, regulator, wayback, katana, aquatone) ","archived":false,"fork":false,"pushed_at":"2023-01-05T16:08:05.000Z","size":229,"stargazers_count":26,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-06-10T16:27:15.163Z","etag":null,"topics":["bugbounty","cybersecurity","infosec","infosectools","security","tools"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xAkashsky.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-03T13:15:28.000Z","updated_at":"2023-04-30T07:14:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"a8c530b8-63e9-4237-8d33-364795c7db19","html_url":"https://github.com/0xAkashsky/sub-scout","commit_stats":null,"previous_names":["0xakashsky/sub-scout"],"tags_count":0,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xAkashsky%2Fsub-scout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xAkashsky%2Fsub-scout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xAkashsky%2Fsub-scout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xAkashsky%2Fsub-scout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xAkashsky","download_url":"https://codeload.github.com/0xAkashsky/sub-scout/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242811856,"owners_count":20189140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","cybersecurity","infosec","infosectools","security","tools"],"created_at":"2024-07-29T17:07:40.425Z","updated_at":"2025-03-10T07:32:52.930Z","avatar_url":"https://github.com/0xAkashsky.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/0xAkashsky/sub-scout/blob/main/static/sub-scout-logo1.png\" alt=\"sub-scout\" width=\"400px\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\nA simple bash script to automate your inital recon and extend your attack surface using popular tools made by infosec community.\n\n\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/0xAkashsky/sub-scout/blob/main/static/carbon.png\" alt=\"sub-scout\" width=\"700px\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n# Features\n\n - Sub-scout generate keywords from known subdomain file \n - Makes its kind of own permutations list according to scope\n - Parses permutations list to regulator to make rules\n - builds final permutation list according to the rules using regulator\n - Resolves permutation subdomain list using PureDns\n - Parses PureDns resolved domain to httpx for http and https probing\n - Runs Aquatone on httpx results.\n - Runs Wayback on resolved domains.\n - Runs Katana on resolved domains.\n - Collect Javascript files by Combining wayback and katana output\n - Check live Javascript files using httpx\n\n# Prerequisite\n - Go [https://go.dev/doc/install]\n - Regulator [https://github.com/cramppet/regulator]\n - PureDns   [https://github.com/d3mondev/puredns]\n - httpx     [https://github.com/projectdiscovery/httpx]\n - Aquatone  [https://github.com/michenriksen/aquatone]\n - Waybackurls [https://github.com/tomnomnom/waybackurls]\n - Katana    [https://github.com/projectdiscovery/katana]\n - MassDns   [https://github.com/blechschmidt/massdns]\n\nSub-scout does not installs these tools automatically. Manually install all tools and make sure they are available in '/usr/bin'\n\n# How to Run\n```\nJust Download the bash file 'sub-scout.sh' in Regulator folder.\n\nGive permission '$ chmod +x sub-scout.sh'\n\nRun using 'bash sub-scout.sh known_subdomain_list.txt scope.txt /output_directory/'\n```\n\n# Parameters\n\nknown_subdomain_list.txt = Know Subdomain list path that you got form subdomain enumeration tools like 'Amass' 'Subfinder'\n\nscope.txt = Enter the in-scope domains file path. like for yahoo program 'yahoo.com' 'aol.com' in a text file.\n\u003ch1 align=\"left\"\u003e\n  \u003cimg src=\"https://github.com/0xAkashsky/sub-scout/blob/main/static/scope-example.png\" alt=\"sub-scout\" width=\"400px\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n/output-directory/ = Enter the directory path you want to save all outputs too. (Ouput Directory should be created Already) \n\nNote: Filenames does not need to be 'scope.txt' or  'known_subdomain_list.txt' it can be anything just write the correct path of the files in parameters.\n\n# Workflow\n\u003ch1 align=\"left\"\u003e\n  \u003cimg src=\"https://github.com/0xAkashsky/sub-scout/raw/main/static/workflow.jpg\" alt=\"sub-scout\" width=\"600px\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n# Personal Note\n\nI am not a programmer so there could be thousand different ways to do this proccess in more optimize and better way. I made this bash script to automate regulator tool according to scope from my recon purpose. regulator is a great tool to make permutation subdomain list and fast than altdns. \n\nCredits to all infosec tools mentioned above in Prerequisite section.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xAkashsky%2Fsub-scout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xAkashsky%2Fsub-scout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xAkashsky%2Fsub-scout/lists"}