https://github.com/BitTheByte/Domainker
BugBounty Tool
https://github.com/BitTheByte/Domainker
bb bugbounty bugcrowd checker code crawler h1 hackerone hacking hacking-tool injection python rce response struts2 subdomain sudomains
Last synced: 8 months ago
JSON representation
BugBounty Tool
- Host: GitHub
- URL: https://github.com/BitTheByte/Domainker
- Owner: BitTheByte
- Archived: true
- Created: 2018-11-07T21:37:22.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-09-17T15:13:48.000Z (about 6 years ago)
- Last Synced: 2023-04-26T13:00:58.469Z (over 2 years ago)
- Topics: bb, bugbounty, bugcrowd, checker, code, crawler, h1, hackerone, hacking, hacking-tool, injection, python, rce, response, struts2, subdomain, sudomains
- Language: Python
- Homepage:
- Size: 344 KB
- Stars: 38
- Watchers: 5
- Forks: 21
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Domainker
# Setup
Python pypi package got removed. if you want to use this tool follow the steps below
- Manual setup
```
git clone https://github.com/BitTheByte/Domainker
cd Domainker
pip install -r requirements.txt
python domainker.py
```
# How to use
I developed this tool to be easily managed and upgraded so i created it as small plugin systems connected together
## Plugins and usage
```
lib\plugins\experimental\cache_poisoning.py : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\plugins\crlf.py : [--crlf] Check if Host is Vulnerable To CRLF
lib\plugins\port.py : [--ports] Scan for most common open ports. You can also use your own ports --ports 123,456,789
lib\plugins\aws.py : [--aws] Check if The Target is found on Amazon + Automatic uploading
lib\plugins\cname.py : [--dns] Return Target cname
lib\plugins\url.py : [--url] Return Target Response Code [See the options for more details]
lib\plugins\struts.py : [--struts] Attack Struts [CVE-2018-11776]
lib\plugins\put.py : [--put] Check if [PUT] Method is Enabled
lib\plugins\spf.py : [--spf] Check For SPF Record
```
## Basic usage
```
$ domainker -i google.com [.. Plugins]
$ domainker -d mydomains_list.txt [.. Plugins]
$ domainker -d mydomains_list.txt --url
$ domainker -d mydomains_list.txt --dns
```
You could also use multiple plugins at the same time
```
$ domainker -d mydomains_list.txt --url --dns --aws ...
$ domainker -i google.com --url --dns --aws ...
```
## Options
```
$ domainker --help
```
- Create output file [--output/-o file_name]
- Threads count [--threads/-t number]
- Interesting files search [--interesting-files/-F] [--url / --all required]
- Thread timeout [--thread-timeout/-T seconds]
- Request timeout [--request-timeout/-rt seconds]
# Format
I want to add different formats at the future but currently this tool only supports this formats for the input file
```
https://sub.domain.com
http://sub.domain.com
sub.domain.com
.sub.domain.com
```
Which generated by:
- amass
- aquatone (hosts.txt)
- subfinder
- sublist3r
... and many other subdomain finders
# Contributors
- [k3r1it0](https://github.com/k3r1it0)
- [NeuroWinter](https://github.com/NeuroWinter)
- [GeneralEG](https://github.com/GeneralEG)
# FAQ
[Q] Why it's called Domainker?
[A] Originally this was a just checker script for domain availability so the name was originated from [Domain-Checker]
[Q] What is the tool for?
[A] This tool for bugbounty hunters to help them automate the boring tasks and find some low hanging bugs
[Q] Which Python version should i use?
[A] Python 2.7.16 (recommended) or Python 3.7.*
[Q] Does this tool support Python 3 ?
[A] Yes, Starting from `06/11/2019` python 3 is supported
[Q] I have an idea for you, what should i do?
[A] If you have already implemented your idea please make a pull request if not or don't know how to do it please open a new [issue](https://github.com/BitTheByte/Domainker/issues) describing your idea in it