-
-
Save nikallass/c2b3b8d661a212e927271530b0965f6a to your computer and use it in GitHub Desktop.
Subdomain OSINT script, running several best tools.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Tools based on a resolver.rb by @melvinsh | |
| #Repository: https://github.com/melvinsh/subresolve | |
| #Modified by @ehsahil for Personal Use. | |
| #Modified by @nikallass for Personal Use. | |
| require 'socket' | |
| require 'colorize' | |
| begin | |
| if ARGV[0] == nil | |
| puts "Usage: ruby subdomain.rb domain" | |
| else | |
| domain = ARGV[0] | |
| puts "+--------------------------------Subdomains By Subfinder-------------------------------------+" | |
| #Get it from https://github.com/Ice3man543/subfinder | |
| system("service docker start") | |
| system("docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it subfinder -d #{domain}") | |
| puts "Subfinder Ended..." | |
| puts | |
| #Get it from https://github.com/christophetd/censys-subdomain-finder | |
| puts "+--------------------------------Subdomains BY Censys-------------------------------------+" | |
| system("python /path/to/censys_subdomain_finder.py --censys-api-id [API_ID] --censys-api-secret [API_SECRET] #{domain}") | |
| puts "Censys Ended..." | |
| puts | |
| #CRT.sh get it from https://gist.github.com/nikallass/598a70279b09d32476298be2ef495ef8 | |
| puts "+--------------------------------Subdomains BY Crt.sh-------------------------------------+" | |
| system("/path/to/crt.sh #{domain}") | |
| puts "crt.sh Ended..." | |
| puts | |
| #amass get it from https://github.com/caffix/amass | |
| puts "+--------------------------------Subdomains BY Amass-------------------------------------+" | |
| system("/path/to/amass -v -ip -brute -min-for-recursive 3 -d #{domain}") | |
| puts "amass Ended..." | |
| puts | |
| #harvester get it from https://github.com/laramies/theHarvester | |
| puts "+--------------------------------Subdomains BY TheHarvester-------------------------------------+" | |
| system("theharvester -b all -d #{domain}") | |
| puts "TheHarvester Ended..." | |
| puts | |
| #ptrarchive search get it from https://gist.github.com/nikallass/946d4fe45d883bb7c5de06b16a7f4ece | |
| puts "+--------------------------------Subdomains BY ptrarchive.com-------------------------------------+" | |
| system("/path/to/ptrarc.sh -v #{domain}") | |
| puts "ptrarchive.com Ended..." | |
| puts | |
| puts "Knockpy Started....." | |
| #Get it from https://github.com/guelfoweb/knock | |
| puts "+-------------------------------Subdomains by Knockpy-------------------------------------+" | |
| system("knockpy #{domain}") | |
| puts "Knockpy Ended....." | |
| puts | |
| puts "Sublist3r Started....." | |
| #Get it from https://github.com/aboul3la/Sublist3r | |
| puts "+-------------------------------Subdomains BY Sublister-----------------------------------+" | |
| system("python2.7 /path/to/sublist3r.py -d #{domain}") | |
| puts "SUBLISTER ENDED..." | |
| puts | |
| puts "Aquatone-discover Started....." | |
| #Get it from https://github.com/michenriksen/aquatone | |
| puts "+--------------------------------Subdomains By Aquatone-discover------------------------------------+" | |
| system("aquatone-discover --domain #{domain}") | |
| puts "Aquatone-discover Ended..." | |
| puts | |
| puts "+--------------------------------Subdomains By Aquatone-takeover------------------------------------+" | |
| #Quick auto test for any subdomain takeover. | |
| system("aquatone-takeover --domain #{domain}") | |
| puts "Aquatone-takeover Ended..." | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment