Domained - Multi Tool Subdomain Enumeration

Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.

This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng.

Domains Subdomain Enumeration Tools Leveraged

Subdomain Enumeraton Tools:

Sublist3r
enumall
Knock
Subbrute
massdns
Recon-ng
Amass
SubFinder

Reporting + Wordlists:

Domained Subdomain Enumeration Tool Usage

--install/--upgrade 	Both do the same function – install all prerequisite tools
--vpn 	Check if you are on VPN (update with your provider)
--quick 	Use ONLY Amass and SubFinder
--bruteall 	Bruteforce with JHaddix All.txt List instead of SecList
--fresh 	Delete old data from output folder
--notify 	Send Pushover or Gmail Notifications
--active 	EyeWitness Active Scan
--noeyewitness 	No Eyewitness
-d 	The domain you want to preform recon on
-b 	Bruteforce with subbrute/massdns and SecList wordlist
-s n 	Only HTTPs domains
-p 	Add port 8080 for HTTP and 8443 for HTTPS

--install/--upgrade Both do the same function – install all prerequisite tools

--vpn Check if you are on VPN (update with your provider)

--quick Use ONLY Amass and SubFinder

--bruteall Bruteforce with JHaddix All.txt List instead of SecList

--fresh Delete old data from output folder

--notify Send Pushover or Gmail Notifications

--active EyeWitness Active Scan

--noeyewitness No Eyewitness

-d The domain you want to preform recon on

-b Bruteforce with subbrute/massdns and SecList wordlist

-s n Only HTTPs domains

-p Add port 8080 for HTTP and 8443 for HTTPS

Subdomain Enumeration Examples

First Steps are to install required Python modules and tools:

sudo pip install -r ./ext/requirements.txt
sudo python domained.py --install

1 2	sudo pip install -r ./ext/requirements.txt sudo python domained.py --install

Example 1 – Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)

python domained.py -d example.com

1	python domained.py -d example.com

Example 2: – Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN

python domained.py -d example.com -b -p --vpn

1	python domained.py -d example.com -b -p --vpn

Example 3: – Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)

python domained.py -d example.com -b --bruteall

1	python domained.py -d example.com -b --bruteall

Example 4: – Uses subdomain example.com and only Amass and SubFinder

python domained.py -d example.com --quick

1	python domained.py -d example.com --quick

Example 5: – Uses subdomain example.com, only Amass and SubFinder and notification

python domained.py -d example.com --quick --notify

1	python domained.py -d example.com --quick --notify

Example 6: – Uses subdomain example.com with no EyeWitness

python domained.py -d example.com --noeyewitness

1	python domained.py -d example.com --noeyewitness

Note: --bruteall must be used with the -b flag

You can download Domained here:

Or read more here.

625 Shares

Domained – Multi Tool Subdomain Enumeration

Domains Subdomain Enumeration Tools Leveraged

Domained Subdomain Enumeration Tool Usage

Subdomain Enumeration Examples

Most Viewed Posts

Search

Recent Posts

Domains Subdomain Enumeration Tools Leveraged

Domained Subdomain Enumeration Tool Usage

Subdomain Enumeration Examples

Footer

Most Viewed Posts

Search

Recent Posts

Tags