{"id":25394878,"url":"https://github.com/azersd/domainhound","last_synced_at":"2025-04-10T13:19:31.302Z","repository":{"id":260779178,"uuid":"882303028","full_name":"AzerSD/DomainHound","owner":"AzerSD","description":"This is an automated reconnaissance script for initial bug bounty or penetration testing. Subdomain Enumeration - Filtering Sensitive Subdomains - Content Discovery - Domains Screenshotting.","archived":false,"fork":false,"pushed_at":"2024-11-02T14:21:48.000Z","size":14,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-15T19:52:48.324Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AzerSD.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-11-02T13:11:17.000Z","updated_at":"2024-11-03T09:57:33.000Z","dependencies_parsed_at":"2024-11-02T15:18:34.095Z","dependency_job_id":"c720ce46-6daa-418d-a3f3-8e9298d10b0e","html_url":"https://github.com/AzerSD/DomainHound","commit_stats":null,"previous_names":["azersd/domainhound"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzerSD%2FDomainHound","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzerSD%2FDomainHound/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzerSD%2FDomainHound/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AzerSD%2FDomainHound/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AzerSD","download_url":"https://codeload.github.com/AzerSD/DomainHound/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248225657,"owners_count":21068078,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-15T19:52:13.409Z","updated_at":"2025-04-10T13:19:31.276Z","avatar_url":"https://github.com/AzerSD.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DomainHound\n\n\nThis is an automated reconnaissance script for initial bug bounty or penetration testing. Subdomain Enumeration - Filtering Sensitive Subdomains - Content Discovery - Domains Screenshotting\n\n## Features\n- **Subdomain Enumeration**: Uses `subfinder` to find subdomains of a specified domain.\n- **Sensitive Root Domain Identification**: Filters subdomains based on keywords (like `api`, `dev`, `prod`, etc.).\n- **Domain Resolution**: Checks if domains are live with `httprobe`.\n- **Content Discovery**: Uses `meg` to locate and retrieve various endpoints.\n- **Screenshotting**: Captures screenshots of root domains using a specified command (like Aquatone or Eyewitness).\n\n---\n\n## Prerequisites\n\nMake sure the following tools are installed:\n- [Subfinder](https://github.com/projectdiscovery/subfinder)\n- [Meg](https://github.com/tomnomnom/meg)\n- [Httprobe](https://github.com/tomnomnom/httprobe)\n- Screenshotting tool (Aquatone, Eyewitness, or equivalent)\n\nUse the following commands to install these tools:\n\n```bash\n# Install Subfinder\ngo install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest\n\n# Install Meg\ngo install -v github.com/tomnomnom/meg@latest\n\n# Install Httprobe\ngo install -v github.com/tomnomnom/httprobe@latest\n```\n\n## Usage\n\n1. **Clone the Repository**\n   ```bash\n   git clone https://github.com/AzerSD/DomainHound.git\n   cd DomainHound\n   ```\n\n2. **Run the Script**\n\n   ```bash\n   python3 DomainHound.py -d \u003cdomain\u003e -a \u003cscreenshot_command\u003e -w \u003cendpoints_file\u003e\n   ```\n\n   **Arguments**:\n   - `-d, --domain`: Target domain for reconnaissance.\n   - `-a, --aquatone`: Command to use for screenshotting (e.g., `aquatone` or `eyewitness`).\n   - `-w, --paths`: Path to a list of endpoints to be checked during content discovery. (e.g from SecList: Discovery/Web-Content `/api/api-endpoints.txt, /common.txt, /config-files.txt, information-disclosure/php-info.txt`)\n\n   **Example**:\n   ```bash\n   python3 DomainHound.py -d example.com -a \"aquatone\" -w endpoints.txt\n   ```\n\n## Output Structure\n\nThe script creates a `data/` directory for each target domain with the following structure:\n\n```\ndata/\n└── \u003cdomain\u003e/\n    ├── subdomains.txt       # All enumerated subdomains\n    ├── hosts                # Sensitive root domains\n    ├── hosts-resolved       # Resolved domains (live hosts)\n    └── out/                 # Content discovered by meg\n```\n\n## Script Breakdown\n\n### 1. `fetch_domains(domain)`\n   - Runs `subfinder` to gather subdomains and stores them in `subdomains.txt`.\n\n### 2. `get_roots(domain)`\n   - Identifies sensitive subdomains (e.g., `api`, `prod`, `dev`) and saves them to `hosts`.\n\n### 3. `resolve(domain)`\n   - Uses `httprobe` to resolve domains from `hosts` and stores live domains in `hosts-resolved`.\n\n### 4. `content_discovery(domain, paths)`\n   - Uses `meg` to find available endpoints, based on the input `paths` list, and saves them in the `out/` directory.\n\n### 5. `screenshot_domains(domain, command)`\n   - Runs the screenshot command on the root domains for easy visualization.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazersd%2Fdomainhound","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazersd%2Fdomainhound","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazersd%2Fdomainhound/lists"}