Subdoler

Subdoler is a subdomain lister which calculates:

1. IP ranges, domains and subdomains from a list of companies
2. Domains and subdomains from a list of IP ranges
3. Subdomains from a list of domains
4. IP ranges and domains (no subdomains) from a list of companies
5. Domains (no subdomains) from a list of ranges

When calculating the subdomains, it creates a TMUX session. You can wait until the programs end or process everything later with -p. Also, you can kill the tmux session with -k.

One of these arguments is necessary:

-c: File of companies. Ex: ./subdoler.py -c /tmp/companies.txt
-C: List of companies. Ex: ./subdoler.py -C company1,company2
-r: File of IP ranges. Ex: ./subdoler.py -r /tmp/ip_ranges.txt
-R: List of IP ranges. Ex: ./subdoler.py -R 10.20.30.40/24,11.21.31.41/22
-d: File of domains. Ex: ./subdoler.py -d /tmp/domains.txt
-R: List of domains. Ex: ./subdoler.py -D company1.com,company2.es
-k: Kill tmux session. Ex: ./subdoler.py -k

Optional arguments:

-o: Output directory. Ex: ./subdoler.py -c /tmp/companies.txt -o /tmp/subdoler_results
-cf: Country filter for IP range extraction from IPv4info. Ex: ./subdoler.py -c /tmp/companies.txt -cf ES,IT,US
-ns: No subdomain calculation. Ex: ./subdoler.py -r /tmp/ip_ranges.txt -ns
-p: Process results (useful for closing everything except the tmux session and process the resulting files some hours later). Ex: ./subdoler.py -o /tmp/subdoler_results -p

You can decide which programs are used for subdomain calculation setting the value of these options to True in the config.py file:

Options to enumerate subdomains:
- amass_active - Use Amass in passive scan mode
- gobuster_active - Use Gobuster in bruteforce mode with a custom dictionary (using this by default)
- sublist3r_active - Use Sublist3r
- dnsdumpster_active - Use the DNSDumpster unofficial API
- fdns_active - Use FDNS. For this, download this file and set its path in config.py
Options to enumerate leaked information:
- theharvester_active - Use theHarvester to search leaked email addresses
- pwndb_active - Use PwnDB to search leaked credentials (the service tor needs to get started, it asks for root privileges)

Installation

git clone https://github.com/ricardojoserf/subdoler
cd subdoler/install
sh install.sh

1. IP ranges, domains and subdomains from a list of companies (-c or -C)

It calculates the IP ranges of the companies in IPv4info, extracts the domains in these IPs and then the subdomains:

From a file:

python3 subdoler.py -c COMPANIES_FILE -o OUTPUT_DIRECTORY

From a comma separated list:

python3 subdoler.py -C company1,company2 -o OUTPUT_DIRECTORY

First, the IP ranges of each company are calculated:

Second, the domains in these IP ranges:

Third, the subdomains of these domains are calculated using a Tmux session:

Then, the program will wait until the user enters a key:

If it is 'q', it will quit and you can calculate the data later using the option '-p' (--process)
If it is not 'q', it will calculate the data in the files.

Finally, the unique subdomains and the leaked information are listed and the output is stored in different files int he output directory:

Different files are created in the specified output directory:

main_domains.txt: It contains the domains (hostnames) from the IP ranges calculated
subdomain_by_source.csv: It contains the subdomains with the program which discovered them, the reverse lookup IP and which range it is part of
ranges_information.csv: It contains information about the ranges
leaked_information.txt: It contains the leaked email accounts and credentials
results.xlsx: It contains all the information in an Excel file with different sheets

2. Domains and subdomains from a list of IP ranges (-r or -R)

It skips the step of calculating the ranges of the companies, working with the IP ranges directly.

From a file:

python3 subdoler.py -r RANGES_FILE -o OUTPUT_DIRECTORY

From a comma separated list:

python3 subdoler.py -R companyrange1,companyrange2 -o OUTPUT_DIRECTORY

3. Subdomains from a list of domains (-d or -D)

It skips the steps of calculating the ranges of the companies and the domains in the IP ranges, extracting the subdomains from the domains list directly:

From a file:

python3 subdoler.py -d DOMAINS_FILE -o OUTPUT_DIRECTORY

From a comma separated list:

python3 subdoler.py -D domain1,domain2,domain3 -o OUTPUT_DIRECTORY

4. IP ranges and domains (no subdomains) from a list of companies (-c or -C and -ns)

Using the option --no_subdomains (-ns), the step of calculating the subdomains is skipped, calculating just the IP ranges of the companies and the domains in them:

python3 subdoler.py -ns -c COMPANIES_FILE -o OUTPUT_DIRECTORY

5. Domains (no subdomains) from a list of ranges (-r or -R and -ns)

python3 subdoler.py -ns -r RANGES_FILE -o OUTPUT_DIRECTORY

6. Process files (-p)

python3 subdoler.py -o OUTPUT_DIRECTORY --process

7. Process files (-p)

python3 subdoler.py -k

5l1v3r1 / subdoler Goto Github PK

subdoler's Introduction

Subdoler

Installation

1. IP ranges, domains and subdomains from a list of companies (-c or -C)

2. Domains and subdomains from a list of IP ranges (-r or -R)

3. Subdomains from a list of domains (-d or -D)

4. IP ranges and domains (no subdomains) from a list of companies (-c or -C and -ns)

5. Domains (no subdomains) from a list of ranges (-r or -R and -ns)

6. Process files (-p)

7. Process files (-p)

subdoler's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs