Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/iamthefrogy/frogy
My subdomain enumeration script. It's unique in the way it is built upon.
https://github.com/iamthefrogy/frogy
bug-bounty bugbounty infosec osint reconnaissance
Last synced: about 1 month ago
JSON representation
My subdomain enumeration script. It's unique in the way it is built upon.
- Host: GitHub
- URL: https://github.com/iamthefrogy/frogy
- Owner: iamthefrogy
- Created: 2021-02-21T08:39:51.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-08-05T19:20:16.000Z (4 months ago)
- Last Synced: 2024-08-05T22:42:05.326Z (4 months ago)
- Topics: bug-bounty, bugbounty, infosec, osint, reconnaissance
- Language: Shell
- Homepage:
- Size: 1.05 MB
- Stars: 654
- Watchers: 14
- Forks: 120
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - iamthefrogy/frogy - My subdomain enumeration script. It's unique in the way it is built upon. (Shell)
README
![](https://visitor-badge.glitch.me/badge?page_id=iamthefrogy.frogy)
Made with ❤️ ❤️ ❤️ from
My goal is to create an open-source Attack Surface Management solution and make it capable to find all the IPs, domains, subdomains, live websites, login portals for one company.
**How it can help a large company (Some usecases):**
- **Vulnerability management team:** Can use the result to feed into their known and unknown assets database to increase their vulnerability scanning coverage.
- **Threat intel team:** Can use the result to feed into their intel DB to prioritize proactive monitoring for critical assets.
- **Asset inventory team:** Can use the result to keep their asset inventory database up-to-date by adding new unknown assets facing Internet and finding contact information for the assets inside your organization.
- **SOC team:** Can use the result to identify what all assets they are monitoring vs. not monitoring and then increase their coverage slowly.
- **Patch management team:** Many large organizations are unaware of their legacy, abandoned assets facing the Internet; they can utilize this result to identify what assets need to be taken offline if they are not being used.It has multiple use cases depending your organization's processes and technology landscpae.
**Logic**
**Features**
- :frog: Horizontal subdomain enumeration
- :frog: Vertical subdomain enumeration
- :frog: Resolving subdomains to IP
- :frog: Identifying live web applications
- :frog: Identifying all the contextual properties of the web application such as title, content lenght, server, IP, cname, etc. (through httpx tool)+ **Requirements:** Go Language, Python 3.+, jq
+ **Installation**
```sh
Login as root and run the below command.
bash install.sh
```
+ **Usage**
```sh
./frogy.sh
```
+ **Demo Scenario 1**
Use frogy.sh when you want to start discovery for any new target and you just have their one primary domain.
+ **Output**
```
Output file will be saved inside the output/company_name/webometry.csv folder. Where company_name is any company name which you give as an input to 'Organization Name' at the start of the script.
```
#### A very warm thanks to the authors of the tools used in this script.Warning/Disclaimer: Read the detailed disclaimer at my blog - https://github.com/iamthefrogy/Disclaimer-Warning/blob/main/README.md
Logo credit - www.designevo.com