Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/daehee/mildew

Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
https://github.com/daehee/mildew

bug-bounty dod infosec osint reconnaissance subdomains

Last synced: about 1 month ago
JSON representation

Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs

Host: GitHub
URL: https://github.com/daehee/mildew
Owner: daehee
License: mit
Created: 2020-08-26T23:44:28.000Z (about 4 years ago)
Default Branch: master
Last Pushed: 2021-01-21T15:04:46.000Z (over 3 years ago)
Last Synced: 2024-06-19T00:29:03.081Z (3 months ago)
Topics: bug-bounty, dod, infosec, osint, reconnaissance, subdomains
Language: Go
Homepage:
Size: 25.4 KB
Stars: 90
Watchers: 3
Forks: 18
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - daehee/mildew - Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs (Go)

README

        # mildew

Seed your [DoD VDP](https://hackerone.com/deptofdefense) recon with the latest list of official "dotmil" domains. mildew crawls all the DoD-maintained website directories to scrape unique `.mil` domains. Then it extracts [certificate transparency logs](https://www.certificate-transparency.org/what-is-ct) for each discovered root domain for deeper public domain discovery.

Based on the work of [dotmil-domains](https://github.com/esonderegger/dotmil-domains/) a research project by [esonderegger](https://twitter.com/esonderegger) mapping out the DoD's public-facing domain listings:

> There currently isn't a publicly available directory of all the domain names registered under the US military's .mil top-level domain. Such a directory would be useful for people looking to get an aggregate view of military websites and how they are hosted.

## Install

```

go get -u github.com/daehee/mildew/cmd/mildew

```

## Usage

```

mildew

```

## Data Sources

The official DoD website directories:

* [U.S. Department of Defense](https://www.defense.gov/Resources/Military-Departments/DOD-Websites/)

* [Air Force](http://www.af.mil/AFSites.aspx)

* [Army](http://www.army.mil/info/a-z/)

* [Navy](https://www.navy.mil/Resources/Navy-Directory/)

Certificate transparency logs:

* [Crt.sh](https://crt.sh)

## Report Vulnerabilities

Read the DoD Vulnerability Disclosure Policy and submit a vulnerability report at [HackerOne](https://hackerone.com/deptofdefense).