Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bit4woo/domain_hunter

A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件
https://github.com/bit4woo/domain_hunter

burp-extensions burp-plugin burpsuite-extender certificate certification domain-discovery domain-hunter domains https-certificate organization-domain related-domain similar-domain sitemap spider subdomain subject-alternative-name subject-name subjectaltname

Last synced: 24 days ago
JSON representation

A Burp Suite Extension that try to find all sub-domain, similar-domain and related-domain of an organization automatically! 基于流量自动收集整个企业或组织的子域名、相似域名、相关域名的burp插件

Awesome Lists containing this project

README

        

[![Open Source Love](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/ellerbrock/open-source-badges/)[![MIT Licence](https://badges.frapsoft.com/os/mit/mit.svg?v=103)](https://opensource.org/licenses/mit-license.php)

# #更强大的版本请看 [https://github.com/bit4woo/domain_hunter_pro](https://github.com/bit4woo/domain_hunter_pro) 该版本后续可能会较少更新了。

# A more powerful version, please see [https://github.com/bit4woo/domain_hunter_pro](https://github.com/bit4woo/domain_hunter_pro) , this one perhaps will not be updated.

**author**

[bit4woo](https://github.com/bit4woo)

**domain_hunter**

A Burp Suite extender that try to find ***sub-domains,similar domains and related domains*** of an organization automatically, not only domain.
Some times similar domain and related domains give you surprise^_^. that's why I care about it.

**video(视频教程)**

https://www.bilibili.com/video/BV1Jt4y1U7YG/

**usage**

1. download this burp extender from [here](https://github.com/bit4woo/domain_hunter/releases).
2. add it to burp suite. you will see a new tab named “Domain Hunter”, if no error encountered.
3. visit your target website(or App) with burp proxy enabled, ensure burp recorded http or https traffic of your target.
4. you can just switch to the "domain hunter" tab, input the domain that you want to search and click "Search" button.
5. or you can run "Crawl" firstly to try to find more sub-domains and similar domains.

![usage](doc/usage.gif)

**screenshot**

![domain-hunter-v1.1](doc/domain-hunter-v1.2.png)

**change log**

2017-07-28: Add a function to crawl all known subdomains; fix some bug.

2018-07-06: Add the ability to get related domains by get SANs object of certification.

2018-08-03: Use thread to speed up get related-domains.

2018-09-18: Optimize some steps to reduce memory usage.

2018-09-19: Update getSANs() method to void get domains of CDN provider.

2018-09-20: Update logic of getting possible https URLs that may contain related-domains

2018-09-21: Update logic of "includeInScope" and "sendToSpider" to reduces UI action time

2018-09-29: Add Upload function to support upload result to your site or system

2018-10-30: Big Change: try to find sub-domains, similar domains , related domains of an organization(enterprise), not only a domain.

2018-11-01: Add "Add to domain hunter" menu in site map tree.

2019-07-06: Use multiple thread to improve search speed. Use regex to find more domain in every response.

**xmind of domain collection**

![xmind](doc/xmind.png)

**Burp插件微信交流群**:

![wechat_group](doc/wechat_group.jpg)