Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/enenumxela/subdomains.sh

A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.
https://github.com/enenumxela/subdomains.sh

amass asset-discovery bash-scripting bug-bounty bugbounty dns enumeration findomain hakrevdns passive-dns penetration-testing pentesting reconnaissance reverse-dns reverse-dns-lookup subdomain subdomains subdomains-enumeration subfinder xsubfind3r

Last synced: 8 days ago
JSON representation

A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.

Host: GitHub
URL: https://github.com/enenumxela/subdomains.sh
Owner: enenumxela
License: mit
Created: 2021-06-28T08:16:14.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2022-08-02T09:22:32.000Z (over 2 years ago)
Last Synced: 2024-05-02T03:11:55.442Z (7 months ago)
Topics: amass, asset-discovery, bash-scripting, bug-bounty, bugbounty, dns, enumeration, findomain, hakrevdns, passive-dns, penetration-testing, pentesting, reconnaissance, reverse-dns, reverse-dns-lookup, subdomain, subdomains, subdomains-enumeration, subfinder, xsubfind3r
Language: Shell
Homepage: https://github.com/enenumxela/subdomains.sh
Size: 123 KB
Stars: 75
Watchers: 3
Forks: 12
Open Issues: 3
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

        # subdomains.sh

![Made with Bash](https://img.shields.io/badge/made%20with-Bash-0040ff.svg) ![Maintenance](https://img.shields.io/badge/maintained%3F-yes-0040ff.svg) [![open issues](https://img.shields.io/github/issues-raw/hueristiq/subdomains.sh.svg?style=flat&color=0040ff)](https://github.com/hueristiq/subdomains.sh/issues?q=is:issue+is:open) [![closed issues](https://img.shields.io/github/issues-closed-raw/hueristiq/subdomains.sh.svg?style=flat&color=0040ff)](https://github.com/hueristiq/subdomains.sh/issues?q=is:issue+is:closed) [![license](https://img.shields.io/badge/license-MIT-gray.svg?colorB=0040FF)](https://github.com/hueristiq/subdomains.sh/blob/master/LICENSE) [![author](https://img.shields.io/badge/[email protected])](https://twitter.com/itshueristiq)

A wrapper around tools used for subdomain enumeration, to automate the workflow, on a given domain, written in bash.

## Resources

* [The Workflow](#the-workflow)

* [Installation](#installation)

* [Usage](#usage)

* [Credits](#credits)

* [Contribution](#contribution)

## The Workflow



![Flow Chart](https://github.com/hueristiq/subdomains.sh/raw/main/static/flowchart.png)



## Installation

Run the installation script:

```bash

curl -s https://raw.githubusercontent.com/hueristiq/subdomains.sh/main/install.sh | bash -

```

Or run in an ephemeral Docker container:

Clone the repository and run

```bash

cd subdomains.sh

# Build the container image

./docker-subdomains.sh build

# After build, you can run the script with the same options listed above.

# Each run will run in a new container, and the container is destroyed after run

./docker-sudomains.sh -d example.com -r 1.1.1.1

# To destroy the container image if desired

./docker-subdomains.sh destroy

```

## Usage

To display this script's help message, use the `-h` flag:

```bash

subdomains.sh -h

```

```text

           _         _                       _                 _     

 ___ _   _| |__   __| | ___  _ __ ___   __ _(_)_ __  ___   ___| |__  

/ __| | | | '_ \ / _` |/ _ \| '_ ` _ \ / _` | | '_ \/ __| / __| '_ \ 

\__ \ |_| | |_) | (_| | (_) | | | | | | (_| | | | | \__  _\__ \ | | |

|___/\__,_|_.__/ \__,_|\___/|_| |_| |_|\__,_|_|_| |_|___(_)___/_| |_| v1.0.0

USAGE:

  subdomains.sh [OPTIONS]

OPTIONS:

   -d, --domain 			 domain to discover subdomains for *

   -r, --resolvers 			 list of DNS resolvers containing file *

       --skip-passive 			 skip passive discovery discovery

       --use-passive-tools 		 comma(,) separated passive tools to use

       --exclude-passive-tools 		 comma(,) separated passive tools to exclude

       --skip-active 			 skip active discovery discovery

       --skip-dictionary 		 skip discovery from dictionary DNS brute forcing

  -dW, --dictionary-wordlist 		 wordlist for dictionary DNS  brute forcing

       --skip-permutation 		 skip discovery from permutation DNS brute forcing

  -pW, --permutation-wordlist 		 wordlist for permutation DNS brute forcing

       --skip-dns-records 		 skip discovery from DNS records

       --skip-reverse-dns 		 skip discovery from reverse DNS lookup

   -o, --output 			 output text file

       --setup				 install/update this script & dependencies

   -h, --help 				 display this help message and exit

NOTE: options marked with asterik(*) are required.

HAPPY HACKING :)

```

## Credits

Credit goes to the authors of the various tools I used in this script:

* [@OWASP](https://github.com/OWASP) for [amass](https://github.com/OWASP/Amass)

* [@hakluke](https://github.com/hakluke) for [hakrevdns](https://github.com/hakluke/hakrevdns)

* [@d3mondev](https://github.com/d3mondev) for [puredns](https://github.com/d3mondev/puredns)

* [@tomnonom](https://github.com/tomnomnom) for [anew](https://github.com/tomnomnom/anew)

* [@Edu4rdSHL](https://github.com/Edu4rdSHL) for [findomain](https://github.com/Edu4rdSHL/findomain)

* [@shenwei356](https://github.com/shenwei356) for [rush](https://github.com/shenwei356/rush)

* [@hueristiq](http://github.com/hueristiq) for [hqsubfind3r](http://github.com/hueristiq/hqsubfind3r)

* [@projectdiscovery](https://github.com/projectdiscovery) for [subfinder](https://github.com/projectdiscovery/subfinder) and [httpx](https://github.com/projectdiscovery/subfinder)

## Contribution

[Issues](https://github.com/hueristiq/subdomains.sh/issues) and [Pull Requests](https://github.com/hueristiq/subdomains.sh/pulls) are welcome!