https://github.com/zbo14/sc0pe
Find in-scope subdomains for bug bounty programs!
https://github.com/zbo14/sc0pe
amass bug-bounty nodejs subdomain-enumeration subdomains subfinder sublist3r
Last synced: 2 months ago
JSON representation
Find in-scope subdomains for bug bounty programs!
- Host: GitHub
- URL: https://github.com/zbo14/sc0pe
- Owner: zbo14
- License: mit
- Created: 2020-05-16T21:28:04.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2022-03-26T17:54:44.000Z (over 4 years ago)
- Last Synced: 2024-10-23T08:50:48.928Z (over 1 year ago)
- Topics: amass, bug-bounty, nodejs, subdomain-enumeration, subdomains, subfinder, sublist3r
- Language: JavaScript
- Homepage:
- Size: 227 KB
- Stars: 1
- Watchers: 3
- Forks: 1
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# sc0pe
A CLI to find in-scope subdomains for bug bounty programs!
`sc0pe` uses [amass](https://github.com/OWASP/Amass), [subfinder](https://github.com/projectdiscovery/subfinder), and [Sublist3r](https://github.com/aboul3la/Sublist3r) to enumerate subdomains.
## Install
`npm i sc0pe`
This will install `Sublist3r` as a submodule - you should install `amass` and `subfinder` yourself.
## Usage
```
@@@@@@ @@@@@@@ @@@@@@@@ @@@@@@@ @@@@@@@@
@@@@@@@ @@@@@@@@ @@@@@@@@@@ @@@@@@@@ @@@@@@@@
!@@ !@@ @@! @@@@ @@! @@@ @@!
!@! !@! !@! @!@!@ !@! @!@ !@!
!!@@!! !@! @!@ @! !@! @!@@!@! @!!!:!
!!@!!! !!! !@!!! !!! !!@!!! !!!!!:
!:! :!! !!:! !!! !!: !!:
!:! :!: :!: !:! :!: :!:
:::: :: ::: ::: ::::::: :: :: :: ::::
:: : : :: :: : : : : : : : :: ::
Usage: sc0pe [options]
Options:
-V, --version output the version number
-a, --adventurous enumerate subdomains for non-wildcard domains
-p, --parallelism max number of domains to scan in parallel (default: 1)
-q, --quiet don't show banner and info
-h, --help display help for command
```
`sc0pe` takes a Burp configuration file as input, deduces in-scope root domains, and performs passive enumeration of subdomains.
By default, `sc0pe` only explores wildcard domains but you can add the `--adventurous` flag to discover subdomains for non-wildcard domains.
The `--parallelism` option controls the maximum number of root domains scanned in parallel. `sc0pe` reduces the value if the number of root domains is smaller.