Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'subdomain'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Categories

  • Files
  • Online Book
  • Services

Categories

  • Hacking

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 21 results

  1. SubFinder is a subdomain discovery tool that uses various techniques to discover massive amounts of subdomains for any target. It has been aimed at a successor to the sublist3r project. SubFinder uses Passive Sources, Search Engines, Pastebin, Internet Archives, etc to find subdomains, and then it uses a permutation module inspired by altdns to generate permutations and resolve them quickly using a powerful bruteforcing engine. It can also perform plain bruteforce if needed. The tool is highly customizable, and the code is built with a modular approach in mind making it easy to add functionalities and remove errors. Features Simple and modular code base making it easy to contribute. Fast And Powerful Resolution and wildcard elimination module Curated passive sources to maximize results (26 Sources as of now) Multiple Output formats supported (Json, File, Stdout) Optimized for speed, very fast and lightweight on resources Stdin and stdout support for integrating in workflows Changelog v2.5.7 Fixed Docker file to avoid version mismatch by @olearycrew in #771 Added self update option (-update) + version check by @RamanaReddy0M in #780 [hide][Hidden Content]]
  2. DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. [hide][Hidden Content]]
  3. DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. You can use DNS Reaper as an attacker or bug hunter! You can run it by providing a list of domains in a file, or a single domain on the command line. DNS Reaper will then scan the domains with all of its signatures, producing a CSV file. You can use DNS Reaper as a defender! You can run it by letting it fetch your DNS records for you! Yes, that’s right, you can run it with credentials and test all your domain configs quickly and easily. DNS Reaper will connect to the DNS provider and fetch all your records, and then test them. We currently support AWS Route53, Cloudflare, and Azure. Documentation on adding your own provider can be found here You can use DNS Reaper as a DevSecOps Pro! Punk Security is a DevSecOps company, and DNS Reaper has its roots in modern security best practices. You can run DNS Reaper in a pipeline, feeding it a list of domains that you intend to provision, and it will exit Non-Zero if it detects a takeover is possible. You can prevent takeovers before they are even possible! Changelog v1.6.1 enhancement: Handle AWS provider API errors gracefully by @imnotbrandon in #119 fix: explicitly close pool #118 by @SimonGurney in #121 [hide][Hidden Content]]
  4. DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal! We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds. [hide][Hidden Content]]
  5. OneForAll is a powerful subdomain collection toolsubdomain collection The importance of information collection in penetration testing is self-evident. Subdomain collection is an essential and very important part of information collection. At present, there are many open-source tools for subdomain collection on the Internet, but there are always some of the following problems: Not powerful enough,there are not enough interfaces to collect subdomains automatically, and there are no functions such as automatic subdomain resolve, verification, FUZZ, and information expansion. Not friendly enough,although the command line module is more convenient, but when there are a lot of optional parameters and the operation to be implemented is complex, using command line mode is a bit unfriendly. If there is a good interaction, With a highly operable front end, the experience will be much better. Lack of maintenance,Many tools have not been updated once in years, what issues and PR are, do not exist. Efficiency issues,do not take advantage of multi-process, multi-threading and asynchronous cooperation technology, the speed is slow. 👍Features Powerful collection capability,For more information, please see collection module description. Collect subdomains using certificate transparency (there are currently 6 modules: censys_api,certspotter,crtsh,entrust,google,spyse_api) General check collection subdomains (there are currently 4 modules: domain transfer vulnerability exploitationaxfr, cross-domain policy file cdx, HTTPS certificate cert, content security policy csp, robots file robots, and sitemap file sitemap. Check NSEC record, NSEC3 record and other modules will be added later). Collect subdomains using web crawler files (there are currently 2 modules: archirawl, commoncrawl, which is still being debugged and needs to be added and improved). Collect subdomains using DNS datasets (there are currently 23 modules: binaryedge_api, bufferover, cebaidu, chinaz, chinaz_api, circl_api, dnsdb_api, dnsdumpster, hackertarget, ip138, ipv4info_api, netcraft, passivedns_api, ptrarchive, qianxun, rapiddns, riddler, robtex, securitytrails_api, sitedossier, threatcrowd, wzpc, ximcx) Collect subdomains using DNS queries (There are currently 5 modules: collecting subdomains srv by enumerating common SRV records and making queries, and collecting subdomains by querying MX,NS,SOA,TXT records in DNS records of domain names). Collect subdomains using threat intelligence platform data (there are currently 6 modules: alienvault, riskiq_ api, threatbook_ api, threatkeeper , virustotal, virustotal_ api, which need to be added and improved). Use search engines to discover subdomains (there are currently 18 modules: ask, baidu, bing, bing_api, duckduckgo, exalead, fofa_api, gitee, github, github_api, google, google_api, shodan_api, so, sogou, yahoo, yandex, zoomeye_api), except for special search engines in the search module. General search engines support automatic exclusion of search, full search, recursive search. Support subdomain blasting,This module has both conventional dictionary blasting and custom fuzz mode. It supports batch blasting and recursive blasting, and automatically judges pan-parsing and processing. Support subdmain verification,default to enable subdomain verification, automatically resolve subdomain DNS, automatically request subdomain to obtain title and banner, and comprehensively determine subdomain survival. Support subdomain takeover,By default, subdomain takeover risk checking is enabled. Automatic subdomain takeover is supported (only Github, remains to be improved at present), and batch inspection is supported. Powerful processing feature,The found subdomain results support automatic removal, automatic DNS parsing, HTTP request detection, automatic filtering of valid subdomains, and expansion of Banner information for subdomains. The final supported export formats are rst, csv, tsv, json, yaml, html, xls, xlsx, dbf, latex, ods. Very fast,collection module uses multithreaded calls, blasting module uses massdns, the speed can at least reach 10000pps under the default configuration, and DNS parsing and HTTP requests use asynchronous multiprogramming in subdomain verification. Multithreaded check subdomain takeover risk. Good experience,Each module has a progress bar, and the results of each module are saved asynchronously. [hide][Hidden Content]]
  6. Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Changelog v5.2 added custom DNS --dns [hide][Hidden Content]]
  7. [Hidden Content] [Hidden Content]
  8. Anubis, a subdomain enumerator, and information gathering tool. It collates data from a variety of sources to provide one of the most comprehensive tools for subdomain enumeration. It pulls subdomains from public sources, indexed search results, and AnubisDB, a centralized, open API for subdomains. It is able to identify all key servers behind the domains and output any IPs of interest. For instance, running the same command as above with the -p flag gives us all the unique resolved IP addresses, which allows a security researcher to get a more comprehensive idea of the scope of their target. It is also able to extract information from less used, but potentially rewarding avenues, including DNSSEC subdomain lists and Zone Transfers. Changelog v1.1.3 Fix DNSSEC and Nmap scans [hide][Hidden Content]]
  9. Second Order Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain rules, or respond in a certain way. Usage Ideas This is a list of tips and ideas (not necessarily related to second-order subdomain takeover) on what to use Second Order for. Check for second-order subdomain takeover: takeover.json. (Duh!) Collect inline and imported JS code: javascript.json. Find where a target hosts static files cdn.json. (S3 buckets, anyone?) Collect <input> names to build a tailored parameter bruteforcing wordlist: parameters.json. Feel free to contribute more ideas! [Hidden Content]
  10. Knock is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Changelog v5.2 added asynchronous execution [hide][Hidden Content]]
  11. A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters. Key Features OSINT + Subdomain Bruteforcing Capable of handling outputs from multiple tools Handling False Positives and Filters subdomains with same resolutions. Checking for Server Banners and Ports Incredibly Fast Handling domains with larger scopes Port Scanning [hide][Hidden Content]]
  12. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can set the API_KEY within the config.json file. Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Changelog v5.1 added show report --report added csv report --csv added plot report --plot added set apikey --set apikey-virustotal= [hide][Hidden Content]]
  13. Sub 404 is a tool written in python which is used to check the possibility of subdomain takeover vulnerability and it is fast as it is Asynchronous. Why During the recon process, you might get a lot of subdomains(e.g more than 10k). It is not possible to test each manually or with traditional requests or the urllib method as it is very slow. Using Sub 404 you can automate this task in a much faster way. Sub 404 uses aiohttp/asyncio which makes this tool asynchronous and faster. How it works Sub 404 uses subdomains list from a text file and checks for url of 404 Not Found status code and in addition, it fetches CNAME(Canonical Name) and removes those URL which has target domain name in CNAME. It also combines results from subfinder and sublist3r(subdomain enumeration tool) if you don’t have target subdomains as two is better than one. But for this sublist3r and subfinder tools must be installed in your system. Sub 404 is able to check 7K subdomains in less than 5 minutes. Key Features: – Fast( as it is Asynchronous) – Uses two more tool to increase efficiency – Saves result in a text file for future reference – Umm that’s it, nothing much! [hide][Hidden Content]]
  14. OneForAll is a powerful subdomain collection toolsubdomain collection The importance of information collection in penetration testing is self-evident. Subdomain collection is an essential and very important part of information collection. At present, there are many open-source tools for subdomain collection on the Internet, but there are always some of the following problems: Not powerful enough,there are not enough interfaces to collect subdomains automatically, and there are no functions such as automatic subdomain resolve, verification, FUZZ, and information expansion. Not friendly enough,although the command line module is more convenient, but when there are a lot of optional parameters and the operation to be implemented is complex, using command line mode is a bit unfriendly. If there is a good interaction, With a highly operable front end, the experience will be much better. Lack of maintenance,Many tools have not been updated once in years, what issues and PR are, do not exist. Efficiency issues,do not take advantage of multi-process, multi-threading and asynchronous cooperation technology, the speed is slow. Features Powerful collection capability,For more information, please see collection module description. Collect subdomains using certificate transparency (there are currently 6 modules: censys_api,certspotter,crtsh,entrust,google,spyse_api) General check collection subdomains (there are currently 4 modules: domain transfer vulnerability exploitationaxfr, cross-domain policy file cdx, HTTPS certificate cert, content security policy csp, robots file robots, and sitemap file sitemap. Check NSEC record, NSEC3 record and other modules will be added later). Collect subdomains using web crawler files (there are currently 2 modules: archirawl, commoncrawl, which is still being debugged and needs to be added and improved). Collect subdomains using DNS datasets (there are currently 23 modules: binaryedge_api, bufferover, cebaidu, chinaz, chinaz_api, circl_api, dnsdb_api, dnsdumpster, hackertarget, ip138, ipv4info_api, netcraft, passivedns_api, ptrarchive, qianxun, rapiddns, riddler, robtex, securitytrails_api, sitedossier, threatcrowd, wzpc, ximcx) Collect subdomains using DNS queries (There are currently 5 modules: collecting subdomains srv by enumerating common SRV records and making queries, and collecting subdomains by querying MX,NS,SOA,TXT records in DNS records of domain names). Collect subdomains using threat intelligence platform data (there are currently 6 modules: alienvault, riskiq_ api, threatbook_ api, threatkeeper , virustotal, virustotal_ api, which need to be added and improved). Use search engines to discover subdomains (there are currently 18 modules: ask, baidu, bing, bing_api, duckduckgo, exalead, fofa_api, gitee, github, github_api, google, google_api, shodan_api, so, sogou, yahoo, yandex, zoomeye_api), except for special search engines in the search module. General search engines support automatic exclusion of search, full search, recursive search. Support subdomain blasting,This module has both conventional dictionary blasting and custom fuzz mode. It supports batch blasting and recursive blasting, and automatically judges pan-parsing and processing. Support subdmain verification,default to enable subdomain verification, automatically resolve subdomain DNS, automatically request subdomain to obtain title and banner, and comprehensively determine subdomain survival. Support subdomain takeover,By default, subdomain takeover risk checking is enabled. Automatic subdomain takeover is supported (only Github, remains to be improved at present), and batch inspection is supported. Powerful processing feature,The found subdomain results support automatic removal, automatic DNS parsing, HTTP request detection, automatic filtering of valid subdomains, and expansion of Banner information for subdomains. The final supported export formats are rst, csv, tsv, json, yaml, html, xls, xlsx, dbf, latex, ods. Very fast,collection module uses multithreaded calls, blasting module uses massdns, the speed can at least reach 10000pps under the default configuration, and DNS parsing and HTTP requests use asynchronous multiprogramming in subdomain verification. Multithreaded check subdomain takeover risk. Good experience,Each module has a progress bar, and the results of each module are saved asynchronously. [hide][Hidden Content]]
  15. OneForAll is a powerful subdomain collection tool The importance of information collection in penetration testing is self-evident. Subdomain collection is an essential and very important part of information collection. At present, there are many open-source tools for subdomain collection on the Internet, but there are always some of the following problems: Not powerful enough,there are not enough interfaces to collect subdomains automatically, and there are no functions such as automatic subdomain resolve, verification, FUZZ, and information expansion. Not friendly enough,although the command line module is more convenient, but when there are a lot of optional parameters and the operation to be implemented is complex, using command line mode is a bit unfriendly. If there is a good interaction, With a highly operable front end, the experience will be much better. Lack of maintenance,Many tools have not been updated once in years, what issues and PR are, do not exist. Efficiency issues,do not take advantage of multi-process, multi-threading and asynchronous cooperation technology, the speed is slow. Features Powerful collection capability,For more information, please see collection module description. Collect subdomains using certificate transparency (there are currently 6 modules: censys_api,certspotter,crtsh,entrust,google,spyse_api) General check collection subdomains (there are currently 4 modules: domain transfer vulnerability exploitationaxfr, cross-domain policy file cdx, HTTPS certificate cert, content security policy csp, robots file robots, and sitemap file sitemap. Check NSEC record, NSEC3 record and other modules will be added later). Collect subdomains using web crawler files (there are currently 2 modules: archirawl, commoncrawl, which is still being debugged and needs to be added and improved). Collect subdomains using DNS datasets (there are currently 23 modules: binaryedge_api, bufferover, cebaidu, chinaz, chinaz_api, circl_api, dnsdb_api, dnsdumpster, hackertarget, ip138, ipv4info_api, netcraft, passivedns_api, ptrarchive, qianxun, rapiddns, riddler, robtex, securitytrails_api, sitedossier, threatcrowd, wzpc, ximcx) Collect subdomains using DNS queries (There are currently 5 modules: collecting subdomains srv by enumerating common SRV records and making queries, and collecting subdomains by querying MX,NS,SOA,TXT records in DNS records of domain names). Collect subdomains using threat intelligence platform data (there are currently 6 modules: alienvault, riskiq_ api, threatbook_ api, threatkeeper , virustotal, virustotal_ api, which need to be added and improved). Use search engines to discover subdomains (there are currently 18 modules: ask, baidu, bing, bing_api, duckduckgo, exalead, fofa_api, gitee, github, github_api, google, google_api, shodan_api, so, sogou, yahoo, yandex, zoomeye_api), except for special search engines in the search module. General search engines support automatic exclusion of search, full search, recursive search. Support subdomain blasting,This module has both conventional dictionary blasting and custom fuzz mode. It supports batch blasting and recursive blasting, and automatically judges pan-parsing and processing. Support subdmain verification,default to enable subdomain verification, automatically resolve subdomain DNS, automatically request subdomain to obtain title and banner, and comprehensively determine subdomain survival. Support subdomain takeover,By default, subdomain takeover risk checking is enabled. Automatic subdomain takeover is supported (only Github, remains to be improved at present), and batch inspection is supported. Powerful processing feature,The found subdomain results support automatic removal, automatic DNS parsing, HTTP request detection, automatic filtering of valid subdomains, and expansion of Banner information for subdomains. The final supported export formats are rst, csv, tsv, json, yaml, html, xls, xlsx, dbf, latex, ods. Very fast,collection module uses multithreaded calls, blasting module uses massdns, the speed can at least reach 10000pps under the default configuration, and DNS parsing and HTTP requests use asynchronous multiprogramming in subdomain verification. Multithreaded check subdomain takeover risk. Good experience,Each module has a progress bar, and the results of each module are saved asynchronously. [hide][Hidden Content]]
  16. Domained – Multi Tool Subdomain Enumeration Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting. This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng. Download: [Hidden Content]
  17. The importance of information collection in penetration testing is self-evident. Subdomain collection is an essential and very important part of information collection. At present, there are many open source tools for subdomain collection on the Internet, but there are always some of the following problems: Not powerful enough,there are not enough interfaces to collect subdomains automatically, and there are no functions such as automatic subdomain resolve, verification, FUZZ and information expansion. Not friendly enough,although the command line module is more convenient, but when there are a lot of optional parameters and the operation to be implemented is complex, using command line mode is a bit unfriendly. If there is a good interaction, With a highly operable front end, the experience will be much better. Lack of maintenance,Many tools have not been updated once in years, what issues and PR are, do not exist. Efficiency issues,do not take advantage of multi-process, multi-threading and asynchronous cooperation technology, the speed is slow. [HIDE][Hidden Content]]
  18. Turbolist3r - Subdomain Enumeration Tool With Analysis Features For Discovered Domains Turbolist3r is a fork of the sublist3r subdomain discovery tool. In addition to the original OSINT capabilties of sublist3r, turbolist3r automates some analysis of the results, with a focus on subdomain takeover. Turbolist3r queries public DNS servers for each discovered subdomain. If the subdomain exists (i.e. the resolver replied with an address), the answer is categorized as CNAME or A record. By examining A records, it is possible to discover potential penetration testing targets for a given domain. Likewise, the process of looking for subdomain takeovers is simple; view the discovered CNAME records and investigate any that point to applicable cloud services. Please do not use for illegal purposes. [HIDE][Hidden Content]]
  19. Knock Subdomain Scan v.4.0.0 Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Very simply $ knockpy domain.com Export full report in JSON Download: [HIDE][Hidden Content]]
  20. [HIDE][Hidden Content]]
  21. Subdomain takeover tool which works based on matching response fingerprints from can-i-take-over-xyz [HIDE][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.