Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
This gives you the ability to run multiple domains within the same session. Only one module needs an API key (/api/google_site); instructions for obtaining it are on the recon-ng wiki.
Setting up Enumall for Subdomain Discovery
Install recon-ng from source. Clone the Recon-ng repository:
Change into the Recon-ng directory:
    cd recon-ng
Install dependencies:
    pip install -r REQUIREMENTS
Link the installation directory to /usr/share/recon-ng, replacing /path/to/recon-ng with the location of your clone:
    ln -s /path/to/recon-ng /usr/share/recon-ng
Optionally (highly recommended) download:
– AltDNS
– A good subdomain bruteforce list (example here)
Create the config.py file and specify the paths to Recon-ng and AltDNS as shown in config_sample.py.
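A preflight check for the setup steps above, as an added example that is not part of Enumall or the original page. ln -s does not validate its target, so a mistyped path leaves a dangling link at /usr/share/recon-ng; the function name, its arguments and the messages are assumptions.

```shell
#!/bin/sh
# Added example: verify the Recon-ng link and config.py before running enumall.py.
# Assumptions (not from the original page): function name, argument order,
# messages, and that config.py sits in the directory holding enumall.py.
# Usage: check_enumall_setup /usr/share/recon-ng /path/to/enumall

check_enumall_setup() {
    link=${1:-/usr/share/recon-ng}   # link location from the setup steps
    enumall_dir=${2:-.}              # directory holding enumall.py (assumed)
    rc=0

    if [ -L "$link" ] && [ ! -e "$link" ]; then
        # -e follows the link, so this is a link whose target does not exist
        echo "FAIL: $link is a dangling symlink; re-create it with the real path" >&2
        rc=1
    elif [ ! -d "$link" ]; then
        echo "FAIL: $link is missing or not a directory" >&2
        rc=1
    elif [ ! -f "$link/REQUIREMENTS" ]; then
        # The install step reads REQUIREMENTS from the Recon-ng directory
        echo "FAIL: no REQUIREMENTS file under $link; wrong directory linked?" >&2
        rc=1
    fi

    if [ ! -f "$enumall_dir/config.py" ]; then
        echo "FAIL: $enumall_dir/config.py missing; create it from config_sample.py" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: setup looks complete"
    return "$rc"
}
```
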
Basic Usage for Subdomain Enumeration
    ./enumall.py domain.com
Also supports:
    -w to run a custom wordlist with recon-ng
    -a to use alt-dns
    -p to feed a custom permutations list to alt-dns (requires -a flag)
    -i to feed a list of domains (can also type extra domains into the original command)
You can download Enumall here:
Or read more here.