27 Resources
Golang subdomain-enumeration Libraries
A fast subdomain enumerator for web URLs using the power of Goroutines.
gosublister A fast subdomain enumerator for web URLs written in go with goroutines. Options Usage: gosublister -u [URL] [Other Flags] Flags: -u,
Cloud IP address ranges lookup tool + DNS subdomain enumeration + Certificate Transparency
Cloud edge Lookup an IP to find the cloud provider and other details based on the provider's published JSON data Cloud edge is a recon tool focused on
Active Directory & Red-Team Cheat-Sheet in constant expansion.
This AD attacks CheatSheet, made by RistBS is inspired by the Active-Directory-Exploitation-Cheat-Sheet repo. Edit : Thanks for 100 stars :D it is the
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
A CLI tool to get Certificate Transparency logs of a domain name.
crt crt is a CLI tool to get Certificate Transparency logs of a domain name. It can also enumerate subdomains. Installation If you have Go installed:
Go-enum-algorithm - Implement an enumeration algorithm in GO
go-enum-algorithm implement an enumeration algorithm in GO run the code go run m
Subdomain finder based on crt.sh
GoSub Subdomain finder based on crt.sh This will simply make an HTTP request to crt.sh passing the URL you provided, parse the results and print the s
JPRQ Customizer is a customizer that helps to use the JPRQ server code and make it compatible with your own server with custom subdomain and domain
JPRQ Customizer is a customizer that helps to use the JPRQ server code and make it compatible with your own server with custom subdomain and domain.You can upload the generated directory to your web server and expose user localhost to public internet. You can use this to make your local machine a command center for your ethical hacking purpose ;)
Generate wordlist from already collected subdomains for bruteforcing purposes.
goSubsWordlist Generate a wordlist from a list of already discovered subdomains. This list can be used for further bruteforcing for more subdomains. I
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources.
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.
Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl
getsubdomain Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl Installation ▶ go install github.c
Argus is a subdomain enumeration tool
Argus Argus is a domain enumeration tool. Usage : LINUX : ./argus Windows : double click the executable or .\argus When you enter the domain name , pl
O365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365
O365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). O365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use.
User enumeration and password bruteforce on Azure, ADFS, OWA, O365 and gather emails on Linkedin
goEnumBruteSpray Description Summary The recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can
Subdomain scanner, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second
ksubdomain是一款基于无状态的子域名爆破工具,类似无状态端口扫描,支持在Windows/Linux/Mac上进行快速的DNS爆破,在Mac和Windows上理论最大发包速度在30w/s,linux上为160w/s。 hacking8信息流的src资产收集 https://i.hacking8
Subdomain takeover
CtrlSub subdomain take over tools The project is inspired by SubOver Install go get github.com/mmta41/ctrlsub Usage ./ctrlsub -l sub.host.com Todo U
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.
sonarbyte Description Sonarbyte is a simple and fast subdomain scanner written in go to extract subdomains from Rapid7's DNS Database using omnisint's
A tool get level of subdomain from 1....n
dlevel Get any level of subdomain from 1....N Install go get -u github.com/MPaandeey/dlevel Usage Example 📄 files.txt hackerone.com info.hackerone.co
User enumeration with Microsoft Teams API
UserEnumTeams Description Sometimes user enumeration could be sometimes useful during the reconnaissance of an assessment. This tool will determine if
Extract endpoints marked as disallow in robots files to generate wordlists.
roboXtractor This tool has been developed to extract endpoints marked as disallow in robots.txt file. It crawls the file directly on the web and has a
lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具
gobusterdns lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具 适合指定dns跑内网子域名 与原版的修改 精简功能,仅支持子域名扫描 可导入domain list文件扫描
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testing. The tool is intended to speed up the process of Cloud review in case the security researcher compromised AWS Account Credentials.
AWS Service Enumeration Disclaimer The tool is in beta stage (testing in progress), no destructive API Calls used ( read only actions ). I hope, there
Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.
Fast and customisable vulnerability scanner based on simple YAML based DSL. How • Install • For Security Engineers • For Developers • Documentation •
Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.
Fast passive subdomain enumeration tool. Features • Install • Usage • API Setup • License • Join Discord Subfinder is a subdomain discovery tool that