An open API service indexing awesome lists of open source software.

https://github.com/zbo14/sc0pe

Find in-scope subdomains for bug bounty programs!
https://github.com/zbo14/sc0pe

amass bug-bounty nodejs subdomain-enumeration subdomains subfinder sublist3r

Last synced: 2 months ago
JSON representation

Find in-scope subdomains for bug bounty programs!

Awesome Lists containing this project

README

          

# sc0pe

A CLI to find in-scope subdomains for bug bounty programs!

`sc0pe` uses [amass](https://github.com/OWASP/Amass), [subfinder](https://github.com/projectdiscovery/subfinder), and [Sublist3r](https://github.com/aboul3la/Sublist3r) to enumerate subdomains.

## Install

`npm i sc0pe`

This will install `Sublist3r` as a submodule - you should install `amass` and `subfinder` yourself.

## Usage

```
@@@@@@ @@@@@@@ @@@@@@@@ @@@@@@@ @@@@@@@@
@@@@@@@ @@@@@@@@ @@@@@@@@@@ @@@@@@@@ @@@@@@@@
!@@ !@@ @@! @@@@ @@! @@@ @@!
!@! !@! !@! @!@!@ !@! @!@ !@!
!!@@!! !@! @!@ @! !@! @!@@!@! @!!!:!
!!@!!! !!! !@!!! !!! !!@!!! !!!!!:
!:! :!! !!:! !!! !!: !!:
!:! :!: :!: !:! :!: :!:
:::: :: ::: ::: ::::::: :: :: :: ::::
:: : : :: :: : : : : : : : :: ::

Usage: sc0pe [options]

Options:
-V, --version output the version number
-a, --adventurous enumerate subdomains for non-wildcard domains
-p, --parallelism max number of domains to scan in parallel (default: 1)
-q, --quiet don't show banner and info
-h, --help display help for command
```

`sc0pe` takes a Burp configuration file as input, deduces in-scope root domains, and performs passive enumeration of subdomains.

By default, `sc0pe` only explores wildcard domains but you can add the `--adventurous` flag to discover subdomains for non-wildcard domains.

The `--parallelism` option controls the maximum number of root domains scanned in parallel. `sc0pe` reduces the value if the number of root domains is smaller.