Domainker: automate the boring tasks and find some low hanging bugs
Domainker
This tool helps bug bounty hunters automate the boring tasks and find some low-hanging bugs.
Install
git clone https://github.com/BitTheByte/Domainker
cd Domainker
pip install -r requirements.txt
Use
python domainker.py
Plugins and usage
lib\plugins\experimental\cache_poisoning.py : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\plugins\crlf.py : [--crlf] Check if Host is Vulnerable To CRLF
lib\plugins\port.py : [--ports] Scan for most common open ports. You can also use your own ports --ports 123,456,789
lib\plugins\aws.py : [--aws] Check if The Target is found on Amazon + Automatic uploading
lib\plugins\cname.py : [--dns] Return Target cname
lib\plugins\url.py : [--url] Return Target Response Code [See the options for more details]
lib\plugins\struts.py : [--struts] Attack Struts [CVE-2018-11776]
lib\plugins\put.py : [--put] Check if [PUT] Method is Enabled
lib\plugins\spf.py : [--spf] Check For SPF Record
Basic usage
$ domainker -i google.com [.. Plugins]
$ domainker -d mydomains_list.txt [.. Plugins]
$ domainker -d mydomains_list.txt --url
$ domainker -d mydomains_list.txt --dns
You could also use multiple plugins at the same time
$ domainker -d mydomains_list.txt --url --dns --aws …
$ domainker -i google.com --url --dns --aws …
Options
$ domainker --help
- Create output file [--output/-o file_name]
- Threads count [--threads/-t number]
- Interesting files search [--interesting-files/-F] [--url / --all required]
- Thread timeout [--thread-timeout/-T seconds]
- Request timeout [--request-timeout/-rt seconds]
Format
I want to add different formats in the future, but currently this tool only supports these formats for the input file:
- https://sub.domain.com
- http://sub.domain.com
- sub.domain.com
- .sub.domain.com
These are the formats generated by:
- amass
- aquatone (hosts.txt)
- subfinder
- sublist3r
… and many other subdomain finders
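When merging output from several subdomain finders into one scope file, it helps to reduce the four input formats listed above to bare hostnames and drop duplicates before scanning. The following is an added example, not Domainker's own code; the function names normalize_host and load_hosts and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_host(line):
    """Return the bare lowercase hostname for one input line, or None."""
    entry = line.strip()
    if not entry or entry.startswith("#"):
        return None
    # Scheme-less entries ("sub.domain.com", ".sub.domain.com") get a
    # network-path prefix so urlsplit treats them as a host, not a path.
    if "://" not in entry:
        entry = "//" + entry.lstrip(".")
    try:
        host = urlsplit(entry).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.strip(".").lower()
    labels = host.split(".")
    # Reject single-label names, over-long names and malformed labels.
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.match(label) for label in labels):
        return None
    return host


def load_hosts(lines):
    """Normalize every line and de-duplicate, keeping first-seen order."""
    seen = {}
    for line in lines:
        host = normalize_host(line)
        if host:
            seen.setdefault(host, None)
    return list(seen)


# Constructed sample input: the four documented formats plus edge cases.
SAMPLE = ["https://sub.domain.com", "http://sub.domain.com", "sub.domain.com",
          ".sub.domain.com", "HTTPS://API.domain.com:8443/login", "", "not a host"]

if __name__ == "__main__":
    print("\n".join(load_hosts(SAMPLE)))
```

Writing the result back out one hostname per line gives a file in the plain sub.domain.com format from the list above.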
Source: https://github.com/BitTheByte/