Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/daehee/mildew
Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
https://github.com/daehee/mildew
bug-bounty dod infosec osint reconnaissance subdomains
Last synced: 21 days ago
JSON representation
Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
- Host: GitHub
- URL: https://github.com/daehee/mildew
- Owner: daehee
- License: mit
- Created: 2020-08-26T23:44:28.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2021-01-21T15:04:46.000Z (almost 4 years ago)
- Last Synced: 2024-08-05T17:31:32.995Z (4 months ago)
- Topics: bug-bounty, dod, infosec, osint, reconnaissance, subdomains
- Language: Go
- Homepage:
- Size: 25.4 KB
- Stars: 92
- Watchers: 3
- Forks: 18
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - daehee/mildew - Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs (Go)
README
# mildew
Seed your [DoD VDP](https://hackerone.com/deptofdefense) recon with the latest list of official "dotmil" domains. mildew crawls all the DoD-maintained website directories to scrape unique `.mil` domains. Then it extracts [certificate transparency logs](https://www.certificate-transparency.org/what-is-ct) for each discovered root domain for deeper public domain discovery.
Based on the work of [dotmil-domains](https://github.com/esonderegger/dotmil-domains/) a research project by [esonderegger](https://twitter.com/esonderegger) mapping out the DoD's public-facing domain listings:
> There currently isn't a publicly available directory of all the domain names registered under the US military's .mil top-level domain. Such a directory would be useful for people looking to get an aggregate view of military websites and how they are hosted.## Install
```
go get -u github.com/daehee/mildew/cmd/mildew
```## Usage
```
mildew
```## Data Sources
The official DoD website directories:
* [U.S. Department of Defense](https://www.defense.gov/Resources/Military-Departments/DOD-Websites/)
* [Air Force](http://www.af.mil/AFSites.aspx)
* [Army](http://www.army.mil/info/a-z/)
* [Navy](https://www.navy.mil/Resources/Navy-Directory/)Certificate transparency logs:
* [Crt.sh](https://crt.sh)## Report Vulnerabilities
Read the DoD Vulnerability Disclosure Policy and submit a vulnerability report at [HackerOne](https://hackerone.com/deptofdefense).