{"id":24159433,"url":"https://github.com/exfil0/dynamic_enum_wizard","last_synced_at":"2025-09-07T14:06:29.578Z","repository":{"id":271211097,"uuid":"912721374","full_name":"exfil0/dynamic_enum_wizard","owner":"exfil0","description":"Dynamic_enum_Wizard is a curses-based wizard that conducts a wide range of security reconnaissance tasks while keeping the terminal output to a minimum. ","archived":false,"fork":false,"pushed_at":"2025-01-07T11:47:10.000Z","size":103,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-02T02:34:18.393Z","etag":null,"topics":["attacksurface","cybersecurity","defense","exploit","mapping","offensive-security","reconnaissance","redteaming","scanner","wizard"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/exfil0.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-06T09:02:22.000Z","updated_at":"2025-01-07T11:47:13.000Z","dependencies_parsed_at":"2025-01-07T02:16:30.403Z","dependency_job_id":null,"html_url":"https://github.com/exfil0/dynamic_enum_wizard","commit_stats":null,"previous_names":["exfil0/dynamic_enum_wizard"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/exfil0/dynamic_enum_wizard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fdynamic_enum_wizard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fdynamic_enum_wizard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fdynamic_enum_wizard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fdynamic_enum_wizard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/exfil0","download_url":"https://codeload.github.com/exfil0/dynamic_enum_wizard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exfil0%2Fdynamic_enum_wizard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274046000,"owners_count":25212982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-07T02:00:09.463Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attacksurface","cybersecurity","defense","exploit","mapping","offensive-security","reconnaissance","redteaming","scanner","wizard"],"created_at":"2025-01-12T15:17:30.719Z","updated_at":"2025-09-07T14:06:29.550Z","avatar_url":"https://github.com/exfil0.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DYNAMIC ENUM WIZARD\n\n**Dynamic_enum_Wizard** is a curses-based wizard that conducts a wide range of security reconnaissance tasks while keeping the terminal output to a minimum. All detailed logs and data are stored in a **timestamped** workspace folder (e.g., `wizard_enum_\u003cdomain\u003e_\u003cYYYYMMDD-HHMMSS\u003e`). This approach lets you see just enough progress on screen—plus a spinner that can show CPU/Memory usage **and** environment info (OS, hostname, public IP)—while the real work is logged to disk.\n\n---\n\n## Features\n\n### Wizard-Style Prompts\n- **Domain input** (with basic validation) \n- **AMASS brute-forcing** (optional) \n- **Port Scanning** approach (Common ports, Top 1000, or All 65535) \n- **Directory Brute-Forcing** wordlist choice (common/big) \n- **Optional Concurrency** for DNS resolution, Dirb, GoWitness, Naabu, etc.\n\n![Files Structure](https://github.com/exfil0/dynamic_enum_wizard/blob/main/files-structure.png)\n\n### WHOIS \u0026 DNS\n- **WHOIS** queries to glean ownership and registrar info (run at the very top of the flow).\n- DNS resolution (with optional concurrency) to map subdomains to IPs.\n\n### Subdomain Enumeration\n- Integrates `subfinder`, `assetfinder`, **`sublist3r`**, and `amass` (passive and active) to gather a comprehensive subdomain list.\n\n### Port \u0026 Service Scanning\n- `nmap` with user-chosen port range.\n- **`naabu`** for quick port scanning to find open TCP ports fast.\n\n### SSL Certificate Checks\n- Uses `openssl s_client` to fetch certificate data on port 443 for each subdomain.\n\n### Directory Brute-Forcing\n- `dirb` on both HTTP and HTTPS, using either a “common” or “big” wordlist chosen by the user.\n\n### Screenshot Capture\n- **`GoWitness`** quickly captures HTTP/HTTPS screenshots of subdomains.\n\n### Exploit Search\n- **`searchsploit`** automatically runs on each enumerated service from the Nmap scans to find known vulnerabilities.\n\n### Minimal Curses UI\n- ASCII banner at the top, short progress lines, and a spinner on the bottom row that shows CPU/Mem usage (if `psutil` is installed) and **environment info** (OS, hostname, public IP).\n\n### Execution Timeline\n- Logs major step start/end times, generating an ASCII timeline at the end.\n\n### Consolidated Reporting\n- Generates both **JSON** and **CSV** summaries of discovered subdomains and IPs in the final workspace.\n\n---\n\n## Prerequisites \u0026 Installation\n\n### System Requirements\n- A Debian/Ubuntu/Kali-based system (due to `apt-get` usage).\n- Python 3.6+.\n- `sudo/root` privileges (for installing missing packages).\n\n### Clone the Repo\n```bash\ngit clone https://github.com/exfil0/dynamic_enum_wizard.git\ncd dynamic_enum_wizard\n```\n\n### Make Executable\n```bash\nchmod +x interactive_enum_wizard.py\n```\n\n### (Optional) Install `psutil`\n```bash\nsudo apt-get install python3-psutil\n```\nor\n```bash\nsudo pip3 install psutil\n```\nThis enables the spinner to display real-time CPU and memory usage, plus environment info near the timer.\n\n---\n\n## Usage\n\n### Run as `sudo`\n```bash\nsudo ./interactive_enum_wizard.py\n```\n\n### Follow the Wizard\n1. **Domain**: e.g., `example.com`\n2. **AMASS brute**: `y/n`\n3. **Port scanning approach**:\n - (1) Common (80,443)\n - (2) Top 1000 (default nmap)\n - (3) All (65535)\n4. **Directory brute-forcing wordlist**: `common` or `big`\n5. **Concurrency**: `y/n` for parallel DNS, Dirb, GoWitness, etc.\n\n### Check the Workspace\n- A timestamped folder `wizard_enum_\u003cdomain\u003e_\u003cYYYYMMDD-HHMMSS\u003e` is created.\n- Detailed logs in subfolders:\n - `logs/` (WHOIS, Emails, Dorks output, etc.)\n - `nmap_scans/`\n - `dirb_scans/`\n - `gowitness_shots/` (screenshots)\n - `ssl/`\n- The ASCII timeline of major steps appears at the end, and JSON/CSV outputs are saved in the workspace directory.\n\n---\n\n## Example Session\n```bash\n$ sudo ./interactive_enum_wizard.py\n\n ::::::::: :::::::::: ::: ::: \n :+: :+: :+: :+: :+: \n +:+ +:+ +:+ +:+ +:+ \n +#+ +:+ +#++:++# +#+ +:+ +#+ \n +#+ +#+ +#+ +#+ +#+#+ +#+ \n #+# #+# #+# #+#+# #+#+# by Exfil0\n######### . ########## . ### ### - v1.1\n\n~ Mapping Attack Surface - @HornetStrike and @ScaryByte ~\n ~ DYNAMIC ENUM WIZARD ~\n\n[*] Loading Complete Recon Wizard...\n\n[?] Target domain (e.g., example.com): scarybyte.com\n[?] Enable AMASS brute force? (y/N): n\n\nPort scanning approach (for Nmap, sublist3r, amass):\n 1) Common HTTP/HTTPS only (80,443)\n 2) Extended Common Ports =\u003e top 1000\n 3) All 65535 TCP ports\n[?] Enter 1, 2, or 3: 1\n\nDirectory brute-force wordlist options:\n 1) common.txt\n 2) big.txt\n[?] Choose 1 or 2: 1\n\n[?] Enable concurrency for DNS, Dirb, GoWitness, Naabu? (y/N): y\n```\n\nThe script runs with a spinner at the bottom (showing TIME, CPU/MEM usage, plus \"OS:..., Host:..., IP:...\"), minimal lines above, and logs in the timestamped workspace.\n\n---\n\n## License\n\nThis project is licensed under the MIT License for simplicity and permissiveness, allowing commercial and private use with minimal restrictions.\n\n### MIT License\n```\nPermission is hereby granted, free of charge, to any person obtaining a copy ...\n```\n\n---\n\n## Disclaimer\n- **Authorized Use Only**: This tool is intended for legal security testing and educational research. Ensure you have explicit permission before scanning any domain/IP.\n- **No Warranty**: Provided “as is,” without warranty of any kind. The authors assume no liability for damage or misuse.\n- **Rate-Limits \u0026 CAPTCHAs**: Some tools may be detected by firewalls or lead to CAPTCHAs. Use responsibly.\n\n---\n\n## Contributing\n1. Fork the repo and create a new branch (`feature/something` or `fix/issueX`).\n2. Submit a Pull Request with a clear description of your changes.\n3. Ensure new features or bug fixes are well-tested.\n4. For major changes, please open an issue first to discuss the changes.\n\nWe welcome:\n- Concurrency improvements.\n- Additional tool integrations.\n- Advanced scanning logic.\n\n---\n\n# Changelog\n\n| Version | Date | Additions | Changes | Fixes | Removals |\n|---------|------------|---------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------|\n| v1.1 | 2025-01-07 | - WHOIS Lookups: Automatic whois step at the beginning, saving results to `logs/whois.txt`. | - Timestamped Workspace: Creates `wizard_enum_\u003cdomain\u003e_\u003cYYYYMMDD-HHMMSS\u003e` to avoid overwriting results. | - Auto-install Issues: Improved handling of `apt-get` and `pip3` installations. | - Excess Debug Output: Default terminal output is now minimal, focusing on a curses-based spinner. |\n| | | - GoWitness Screenshot Capture: Stores HTTP/HTTPS screenshots in `gowitness_shots/`. | - Flow of Steps: WHOIS first, followed by subdomain, DNS, SSL, email, scanning, and reporting. | - Error Handling: Hardened around subprocess calls and concurrency to prevent partial crashes. | |\n| | | - SearchSploit Integration: Queries `searchsploit` for Nmap results, saving outputs to `logs/searchsploit_results.txt`. | - Curses Spinner: Enhanced with environment references (OS, hostname, IP) and optional CPU/Mem usage. | | |\n| | | - Consolidated JSON/CSV Report: Generates `consolidated_report.json` and `resolved_ips.csv` in the workspace. | | | |\n| | | - Environment Info in Spinner: Displays OS version, hostname, and public IP alongside CPU/Mem usage and time. | | | |\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexfil0%2Fdynamic_enum_wizard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexfil0%2Fdynamic_enum_wizard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexfil0%2Fdynamic_enum_wizard/lists"}