多功能子域名枚举工具：Domained

发表于 2020年04月17日
安全工具

domained 子域枚举

域名枚举工具，domained使用几个子域名枚举工具和单词列表来创建唯一的子域列表，这些子域将传递给EyeWitness，服务器响应标头和基于签名的默认凭据检查进行报告。（资源保存到./bin，输出保存到./output）

域中包含的工具需要Kali Linux（首选）或Debian 7+和Recon-ng

安装与使用

$ https://github.com/TypeError/domained.git
$ python3 domained.py --install
$ sudo pip install -r ./ext/requirements.txt

$ https://github.com/TypeError/domained.git

$ python3 domained.py --install

$ sudo pip install -r ./ext/requirements.txt

其它依赖安装

用于DNS编程的ldns库：:
- sudo apt-get install libldns-dev -y
Go语言:
- sudo apt-get install golang

利用的工具

子域枚举工具：

Sublist3r by Ahmed Aboul-Ela
enumall by Jason Haddix
Knock by Gianni Amato
Subbrute by TheRook
massdns by B. Blechschmidt
Recon-ng by Tim Tomes (LaNMaSteR53)
Amass by Jeff Foley (caffix)
SubFinder by by Ice3man543

报告+词表：

EyeWitness by ChrisTruncer
SecList (DNS Recon List) by Daniel Miessler
LevelUp All.txt Subdomain List by Jason Haddix

使用

First Step:
Install Required Python Modules: sudo pip install -r ./ext/requirements.txt
Install Tools: sudo python3 domained.py --install

Example 1: python3 domained.py -d example.com
Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)

Example 2: python3 domained.py -d example.com -b -p --vpn
Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN

Example 3: python3 domained.py -d example.com -b --bruteall
Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)

Example 4: python3 domained.py -d example.com --quick
Uses subdomain example.com and only Amass and SubFinder

Example 5: python3 domained.py -d example.com --quick --notify
Uses subdomain example.com, only Amass and SubFinder and notification

Example 6: python3 domained.py -d example.com --noeyewitness
Uses subdomain example.com with no EyeWitness

Note: --bruteall must be used with the -b flag

First Step:

Install Required Python Modules: sudo pip install -r ./ext/requirements.txt

Install Tools: sudo python3 domained.py --install

Example 1: python3 domained.py -d example.com

Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)

Example 2: python3 domained.py -d example.com -b -p --vpn

Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN

Example 3: python3 domained.py -d example.com -b --bruteall

Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)

Example 4: python3 domained.py -d example.com --quick

Uses subdomain example.com and only Amass and SubFinder

Example 5: python3 domained.py -d example.com --quick --notify

Uses subdomain example.com, only Amass and SubFinder and notification

Example 6: python3 domained.py -d example.com --noeyewitness

Uses subdomain example.com with no EyeWitness

Note: --bruteall must be used with the -b flag

选项	描述
--install/--upgrade	两者具有相同的功能-安装所有必备工具
--vpn	检查您是否在VPN上
--quick	仅使用Amass和SubFinder
--bruteall	使用JHaddix All.txt列表而不是SecList的Bruteforce
--fresh	从输出文件夹中删除旧数据
--notify	发送Pushover或Gmail通知
--active	EyeWitness主动扫描
--noeyewitness	没有目击者
-d	您要执行侦查的域
-b	具有subbrute / massdns和SecList单词列表的Bruteforce
-s n	仅HTTPs域
-p	为HTTP添加端口8080，为HTTPS添加8443