Warning : Need to be run as root in order to ping a domain, due to the socket use !
An application that enumerates subdomains, and scan them with several rules
- Ping-v0.2 - pip install ping
- Argparse - pip install argparse
- DnsPython - pip install dnspython
- Bruteforce subdomains with file 'names.txt' or custom
- Detect subdomains using dork in Google
- Auto ping of every detected subdomains
- Generate report for every subdomains
- NMAP of every detected subdomains
- Advanced scan with custom rules to detect IOV (indicator of vulnerability)
sudo python Subdomino.py --domain google.com (--nmap) (--all) (--google 5) (--yahoo 5) (--bing 5) (--baidu 5) (--reversedns) (--names big_names.txt) (--threads 20) (--file list_of_submn)
The options are:
- nmap : launch a fast nmap on every discovered subdomains
- all : search with all websites (google, yahoo, bing...)
- google : add a search for subdomain using google dork, you must specify the number of result pages
- yahoo : add a search for subdomain using yahoo dork, you must specify the number of result pages
- bing : add a search for subdomain using bing dork, you must specify the number of result pages
- baidu : add a search for subdomain using baidu dork, you must specify the number of result pages
- reversedns : add a search for subdomain using a reverse dns
- names : allows you to use a custom file to bruteforce subdomains
- file : allows you to provide an already pinged subdomain's list
- threads : number of pools you want to use for the multiprocessing bruteforce
You need to add an entry in "rules.txt" like this
name: Name of the rule
rule: Put here the rule you want to match
desc: Description of the rule
You can use the following rules pattern:
- is_string_page
- is_string_header
- regex_match_page
- regex_match_header
You can also chain several rules with AND operator like this
rule: is_string_page("hash") AND regex_match_page("jquery.*?(1).([0-7]).([0-9]+)")
====