DomLink

It is a tool that uses a domain name to discover organization name and associated e-mail address to then find further associated domains.

This is useful for bug bounty and red team engagements where you need to discover more domains associated with the target.

How does it work?

DomLink roughly follows the following process. It takes the user-supplied domain name, looks for associated organization and e-mail records. It then takes the associated organization records and performs a Reverse WHOIS to discover additional domains which have associated e-mails attached to them. The tool prompts you with whether or not you want to add the discovered e-mail to your list of organization e-mails (most of the time requires human interaction to filter out junk). It then runs a further domain enumeration phase by taking the total list of associated e-mails and runs Reverse WHOIS on it again to get a final list of associated organizations, e-mails and domains.

Usage

1. Get an API key from WHOXY.com
2. Set that API key in a file named domLink.cfg in the same directory.

python domlink.py -d target.com -o target.out.txt

Example

Copyright (c) 2018 Vincent Yiu

Source: https://github.com/vysec/