Simple Recon Subdomain

18:01

This is a very basic automated recon script.

 

I used web tools to enumerate hosts and IPs.
 
TARGET IS A MAGIC STRING

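# rapiddns.io: split the HTML on tags and keep the text records that contain the target
curl -s "https://rapiddns.io/subdomain/TARGET?full=1#result" | awk -v RS='<[^>]+>' '/TARGET/' | sort -u >>TARGET-rapiddns.txt
# riddler.io: pull hostnames out of the CSV export
curl -s "https://riddler.io/search/exportcsv?q=pld:TARGET" | grep -Po "(([\w.-]*)\.([\w]*)\.([A-Za-z]))\w+" | sort -u >>TARGET-riddler.txt
# jldc.me (Anubis): hostnames, with an optional http:// or https:// prefix
curl -s "https://jldc.me/anubis/subdomains/TARGET" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-Za-z]))\w+" | sort -u >>TARGET-jldc.txt
# crt.sh: certificate names, with the "*." of wildcard entries removed
curl -s "https://crt.sh/?q=%25.TARGET&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u >>TARGET-crt.txt
# dns.bufferover.run: put each comma-separated value on its own line
curl -s "https://dns.bufferover.run/dns?q=.TARGET" | jq -r '.FDNS_A[]' | sed 's/,/\n/g' | sort -u >>TARGET-bufferover.txt
# merge all sources, de-duplicate, and print the numbered result
cat TARGET-*.txt | sort -u >TARGET.txt; cat -n TARGET.txt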



Using the tool:

python tool.py {target}
python tool.py fbi.gov


 

OUTPUT

TARGET-rapiddns.txt
TARGET-riddler.txt
TARGET-jldc.txt
TARGET-crt.txt
TARGET-bufferover.txt

OUTPUT SORT UNIQ

TARGET.txt 
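
The merged TARGET.txt can still mix formats: the jldc pattern allows an http:// or https:// prefix, and a plain sort -u treats differently cased or dot-terminated names as distinct entries. The following added example (not part of tool.py or the original post) is a hypothetical normalize_hosts helper that reduces such lines to unique hostnames under the target domain; the sample lines are constructed and use example.com.

```sh
#!/bin/sh
# Added example: normalize_hosts is a hypothetical helper, not part of tool.py.
# With the files above it would be run as: normalize_hosts TARGET <TARGET.txt
# The domain argument is expected in lower case.
normalize_hosts() {
    domain=$1
    # 1. drop carriage returns and lower-case everything
    # 2. strip a URL scheme, then any path or port, a leading "*." and a
    #    trailing dot
    # 3. keep only the apex or names ending in ".<domain>"
    tr -d '\r' | tr 'A-Z' 'a-z' |
    sed -e 's#^[a-z][a-z]*://##' \
        -e 's#[/:].*$##' \
        -e 's/^\*\.//' \
        -e 's/\.$//' |
    awk -v d="$domain" '
        { h = $1 }                          # first field, ignores padding
        h !~ /^[a-z0-9._-]+$/ { next }      # drops e-mail addresses and junk
        h == d { print h; next }            # the apex domain itself
        # suffix test with a leading dot, so "notexample.com" and bare IP
        # addresses are rejected
        length(h) > length(d) + 1 &&
            substr(h, length(h) - length(d)) == "." d { print h }
    ' | LC_ALL=C sort -u
}

# Constructed sample input imitating a merged result file.
sample_lines() {
    cat <<'EOF'
WWW.Example.com
https://api.example.com/login
*.dev.example.com
192.0.2.10
mail.example.com.
notexample.com
example.com
www.example.com
admin@example.com
EOF
}

sample_lines | normalize_hosts example.com
```
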

 

Download tool:
https://github.com/MrCl0wnLab/SimpleReconSubdomain
