Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/prvvv/submapper
A subdomain enumeration tool designed to find WAF's and 404 pages for takeover and enumeration
https://github.com/prvvv/submapper
404 404-page amazon bug-bounty bugbounty cloudflare python3 subdomain-enumeration subdomain-scanner subdomain-takeover waf-detection
Last synced: 2 days ago
JSON representation
A subdomain enumeration tool designed to find WAF's and 404 pages for takeover and enumeration
- Host: GitHub
- URL: https://github.com/prvvv/submapper
- Owner: Prvvv
- Created: 2023-09-01T19:29:01.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-01T12:03:51.000Z (11 months ago)
- Last Synced: 2024-01-01T13:26:08.500Z (11 months ago)
- Topics: 404, 404-page, amazon, bug-bounty, bugbounty, cloudflare, python3, subdomain-enumeration, subdomain-scanner, subdomain-takeover, waf-detection
- Language: Python
- Homepage:
- Size: 122 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Submapper
## A subdomain enumeration tool desgined to find WAF'S and Vulnerable 404 pages.## Submapper can detect:
- Amazon WAF's
- Cloudflare WAF's
- 404 Pages (Potentially Vulnerable to takeover)
- Subdomains Public IP Address and ISP data## How it works:
Submapper sends a constant but discrete stream of HTTP/1.1 requests to commonly listed sudomains found on most websites and domains.
Submapper uses 3 main techniques all at once to gather as many potential subdomains as possible.
***Brute force:*** submapper uses brute force ranging from small text ranges (a-z/aaaaa - zzzzz) and numerical ranges (1 - 10/1 - 1000) ect, to find short charactered and numbered subdomains.
***wordlisting:*** submapper also uses many wordlists made up of common names, directories, services ect that other mainstream site builders and domains use to list out many potentially interesting or vulnerable subdomains.
***common directory listing:*** along with using common words, submapper also uses confirmed subdomains known to appear on other websites, using many different common names of pluggins and services to best find and enumerate otherwise tricky subdomain names.
## Efficiency
All while remaining as un-noisy as possible, submapper uses only ***1*** file and multiple different threads on each task.
Submapper will also index all currently found subdomains and list them in its own cache to avoid finding the same subdomain twice, giving the best and most reliable results.
![](https://i.ibb.co/59ctRJZ/submapper.png)
## Installation
Submapper requires ***python3.9+*** with ***pip3 or higher*** installed with the following dependancies:
- Colorama (https://pypi.org/project/colorama/)
- Faker (https://pypi.org/project/Faker/)
- Requests (https://pypi.org/project/requests/)
Currently works and tested on:
- ***Linux Debian***
- ***Windows 10/11***