Domainker
This tool is for bug bounty hunters, to help them automate the boring tasks and find some low-hanging bugs.
Install
git clone https://github.com/BitTheByte/Domainker
cd Domainker
pip install -r requirements.txt
Use
python domainker.py
Plugins and usage
lib\plugins\experimental\cache_poisoning.py : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\plugins\crlf.py : [--crlf] Check if the host is vulnerable to CRLF
lib\plugins\port.py : [--ports] Scan for most common open ports. You can also use your own ports: --ports 123,456,789
lib\plugins\aws.py : [--aws] Check if the target is found on Amazon + automatic uploading
lib\plugins\cname.py : [--dns] Return target CNAME
lib\plugins\url.py : [--url] Return target response code [see the options for more details]
lib\plugins\struts.py : [--struts] Attack Struts [CVE-2018-11776]
lib\plugins\put.py : [--put] Check if [PUT] method is enabled
lib\plugins\spf.py : [--spf] Check for SPF record
Basic usage
$ domainker -i google.com [.. Plugins]
$ domainker -d mydomains_list.txt [.. Plugins]
$ domainker -d mydomains_list.txt --url
$ domainker -d mydomains_list.txt --dns
You could also use multiple plugins at the same time
$ domainker -d mydomains_list.txt --url --dns --aws …
$ domainker -i google.com --url --dns --aws …
Options
$ domainker --help
- Create output file [--output/-o file_name]
- Threads count [--threads/-t number]
- Interesting files search [--interesting-files/-F] [--url / --all required]
- Thread timeout [--thread-timeout/-T seconds]
- Request timeout [--request-timeout/-rt seconds]
Format
I want to add different formats in the future, but currently this tool only supports these formats for the input file:
https://sub.domain.com
http://sub.domain.com
sub.domain.com
.sub.domain.com
Which are generated by:
- amass
- aquatone (hosts.txt)
- subfinder
- sublist3r
… and many other subdomain finders
Source: https://github.com/BitTheByte/