A bash wrapper around subdomain enumeration tools that automates the enumeration workflow for a given domain.
Run the installation script:
curl -s https://raw.githubusercontent.com/hueristiq/subdomains.sh/main/install.sh | bash -
Or run it in an ephemeral Docker container.
Clone the repository, then run:
cd subdomains.sh
# Build the container image
./docker-subdomains.sh build
# After the build, you can run the script with the same options as subdomains.sh.
# Each run starts a new container, and the container is destroyed after the run
./docker-subdomains.sh -d example.com -r 1.1.1.1
# To destroy the container image if desired
./docker-subdomains.sh destroy
To display this script's help message, use the -h flag:
subdomains.sh -h
_ _ _ _
___ _ _| |__ __| | ___ _ __ ___ __ _(_)_ __ ___ ___| |__
/ __| | | | '_ \ / _` |/ _ \| '_ ` _ \ / _` | | '_ \/ __| / __| '_ \
\__ \ |_| | |_) | (_| | (_) | | | | | | (_| | | | | \__ _\__ \ | | |
|___/\__,_|_.__/ \__,_|\___/|_| |_| |_|\__,_|_|_| |_|___(_)___/_| |_| v1.0.0
USAGE:
subdomains.sh [OPTIONS]
OPTIONS:
-d, --domain domain to discover subdomains for *
-r, --resolvers list of DNS resolvers containing file *
--skip-passive skip passive discovery discovery
--use-passive-tools comma(,) separated passive tools to use
--exclude-passive-tools comma(,) separated passive tools to exclude
--skip-active skip active discovery discovery
--skip-dictionary skip discovery from dictionary DNS brute forcing
-dW, --dictionary-wordlist wordlist for dictionary DNS brute forcing
--skip-permutation skip discovery from permutation DNS brute forcing
-pW, --permutation-wordlist wordlist for permutation DNS brute forcing
--skip-dns-records skip discovery from DNS records
--skip-reverse-dns skip discovery from reverse DNS lookup
-o, --output output text file
--setup install/update this script & dependencies
-h, --help display this help message and exit
NOTE: options marked with asterik(*) are required.
HAPPY HACKING :)
Credit goes to the authors of the various tools I used in this script:
- @OWASP for amass
- @hakluke for hakrevdns
- @d3mondev for puredns
- @tomnomnom for anew
- @Edu4rdSHL for findomain
- @shenwei356 for rush
- @hueristiq for hqsubfind3r
- @projectdiscovery for subfinder and httpx
Issues and Pull Requests are welcome!