Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/pry0cc/subgen

A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!
https://github.com/pry0cc/subgen

Last synced: about 1 month ago
JSON representation

A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver!

Host: GitHub
URL: https://github.com/pry0cc/subgen
Owner: pry0cc
Created: 2020-03-30T19:26:53.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-04-03T23:31:10.000Z (over 4 years ago)
Last Synced: 2024-06-26T00:35:14.239Z (3 months ago)
Language: Go
Size: 1.95 KB
Stars: 84
Watchers: 7
Forks: 14
Open Issues: 1
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

WebHackersWeapons - subgen - to pipe into your favourite resolver!|![](https://img.shields.io/github/stars/pry0cc/subgen?label=%20)|[`subdomains`](/categorize/tags/subdomains.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| (Weapons / Tools)
awesome-hacking-lists - pry0cc/subgen - A really simple utility to concate wordlists to a domain name - to pipe into your favourite resolver! (Go)

README

# Subgen - a subdomain concating-utility with some smarts
If you've come to the realisation that you'd like to split up your DNS enumeration methodology by generating combinations and/or pulling passive data from other sources, then subgen is the sorter & concator you're probably looking for

### Installation

If you have a properly configured GOPATH and $GOPATH/bin is in your PATH, then run this command for a one-liner install, thank you golang!
```
go get -u github.com/pry0cc/subgen
```

#### Cat a very large unsorted wordlist.
```
cat wordlist.txt | subgen -d "uber.com" | zdns A | jq -r "select(.data.answers[0].name) | .name"
```

#### Crawl website with Cewl and generated unresolved subdomain combinations
```
cewl.rb -d 3 -u https://uber.com/ | subgen -d "uber.com"
```

### tldr;
This will take a wordlist, concate with a domain, sort unique in real time (filtering lines that have already been produced) and filtering out with regex any non-DNS safe characters like special characters.

`wordlist.txt`
```
admin
dashboard
www
helloworld
HELLOWORLD
helLoWorld
autodiscover
aUtOdiscover
*sd&^%$£$%^&*
zabbix
login
```

```
cat wordlist.txt | subgen -d "uber.com"
```

Will produce:

```
admin.uber.com
dashboard.uber.com
www.uber.com
helloworld.uber.com
autodiscover.uber.com
zabbix.uber.com
login.uber.com
```

Which you can pipe to a resolver tool such as MassDNS or ZDNS and print out resolved subdomains.

```
cat ~/lists/sorted-all.txt | subgen -d uber.com | zdns A | jq -r "select(.data.answers[0].name) | .name"
```

```
cat ~/lists/jhaddix-all.txt | subgen -d uber.com | massdns -r dns.txt -t A -o S -w results.txt

```