dns-hacking

Second Order – Subdomain Takeover Scanner Tool

April 30, 2020

Views: 4,119 Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way. Using Second Order Subdomain Takeover Scanner Tool Command line options:

 -base string
       Base link to start scraping from (default "http://127.0.0.1")
 -config string
       Configuration file (default "config.json")
 -debug
       Print visited links in real-time to stdout
 -output string
       Directory to save results in (default "output")

-base string

Base link to start scraping from (default "http://127.0.0.1")

-config string

Configuration file (default "config.json")

-debug

Print visited links in real-time to stdout

-output string

Directory to save results in (default "output")

Example:

go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10

1	go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10

Config File for Second Order Subdomain Takeover […]

Share692

Tweet27

Buffer14

733 Shares

CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains

October 29, 2018

Views: 5,317 CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds. You missed AXFR technique didn’t you? (Open DNS zone transfers), so how does it work? CTFR does not use dictionary attack or brute-force attacks, it just helps you to abuse Certificate Transparency […]

Share374

Tweet77

Buffer14

465 Shares

altdns – Subdomain Recon Tool With Permutation Generation

February 7, 2018

Views: 4,991 Altdns is a Subdomain Recon Tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of. From these […]

400 Shares

Bluto – DNS Recon, Zone Transfer & Brute Forcer

July 17, 2017

Views: 6,141 Bluto is a Python-based tool for DNS recon, DNS zone transfer testing, DNS wild card checks, DNS brute forcing, e-mail enumeration and more. The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none […]

348 Shares

SubBrute – Subdomain Brute-forcing Tool

May 20, 2016

Views: 9,008 SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain brute-forcing tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity, as SubBrute does not send […]

132 Shares