A list of tools that I used to discover a target's subdomains and endpoints
1. Nahamsec crt.sh
#!/bin/bash
# Query crt.sh certificate transparency logs for names under the domain passed as $1
curl -s "https://crt.sh/?q=%.$1&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sed '/@/d' | sort -u
Save it as crt.sh.
Usage:
$ crt.sh domain.com
2. Tomnomnom assetfinder
$ assetfinder -subs-only disney.com
3. Tomnomnom waybackurls
$ echo disney.com | waybackurls
4. Maaaaz webscreenshot
$ python webscreenshot.py -i in.txt -o out.txt
OR
Michenriksen aquatone
Download the binary version and copy it into /usr/local/bin.
Usage:
$ cat subs.txt | aquatone
5. Tomnomnom meg
E.g., to look for Citrix ADC endpoints:
$ meg '/*/vpns/cfg/smb.conf' meg-targets-in.txt meg-targets-out.txt
Installation
$ GO111MODULE=on go get -u github.com/tomnomnom/httprobe
$ cd ~/go/bin/
$ ls
assetfinder gf httprobe meg waybackurls
$ sudo cp * /usr/local/bin