domainim: A fast and comprehensive tool for organizational network scanning

network scanning

domainim

Domainim is a Blazing fast domain reconnaissance tool for bounty hunters written in Nim.

Features

  • Virtual hostname enumeration
  • Reverse DNS lookup
  • Subdomains as input
  • Verbose output
  • TCP port scanning with full user control
  • Subdomain enumeration (2 engines)
  • Resolving A records (IPv4)
  • Progress tracking
  • TCP port scanning
  • Update verbose output when encountering errors (v0.2.0)
  • Show progress bar for longer operations

Usage

./domainim <domain> [–ports=<ports>]

  • <domain> is the domain to be enumerated. It can be a subdomain as well.
  • <ports> is a string speicification of the ports to be scanned. It can be one of the following-
    • all – Scan all ports (1-65535)
    • none – Skip port scanning
    • t<n> – Scan top n ports (same as nmap). i.e. t100 scans top 100 ports. Max value is 5000. If n is greater than 5000, it will be set to 5000.
    • single value – Scan a single port. i.e. 80 scans port 80
    • range value – Scan a range of ports. i.e. 80-100 scans ports 80 to 100
    • comma separated values – Scan multiple ports. i.e. 80,443,8080 scans ports 80, 443 and 8080
    • combination – Scan a combination of the above. i.e. 80,443,8080-8090,t500 scans ports 80, 443, 8080 to 8090 and top 500 ports

Examples

  • ./domainim nmap.org –ports=all
  • ./domainim google.com –ports=none
  • ./domainim pptx704.com –ports=t100
  • ./domainim mysite.com –ports=t50,5432,7000-9000

Install

Copyright (c) 2023 pptx704