haxunit: combines active & passive subdomain enumeration tools and port scanning tools with vulnerability discovery tools
haxunit
HaxUnit combines multiple active and passive subdomain enumeration tools and port scanning tools with vulnerability discovery tools.
For each subdomain enumeration tool, you’ll be prompted to add the newly discovered subdomains to the list.
If you see unrelated subdomains you can decline and you’ll be asked again with only subdomains of the same domain as the input.
If you don’t want to be asked to add the domains you can use the -y parameter.
Functions
| Function | Type | Description |
|---|---|---|
| sonar_search | Subdomain discovery | Use omnisint (FDNS) to search for other TLD’s with same name |
| dnsx_subdomains | Subdomain discovery | Use dnsx to find subdomains and brute force subdomains |
| subfinder | Subdomain discovery | Use subfinder to find subdomains |
| gau_unfurl | Subdomain discovery | Gather all URL’s on the list of subdomains and parse the domain using unfurl |
| ripgen | Subdomain discovery | Generate and test subdomain permutations |
| dnsx_ips | Get IP addresses | Use dnsx to fetch A records |
| sonar_reverse_dns | Subdomain discovery | Find subdomains using reverse dns search from omnisint (FDNS) |
| nrich | Port scan + Subdomain discovery | Faster alternative to active port scanning to naabu |
| naabu | Port scan + Subdomain discovery | Run naabu on the list of subdomains using list of common ports to discover HTTP services |
| httpx | Subdomain list validation | Check all found subdomains if they are active |
| wpscan | Vulnerability discovery | WordPress Security Scanner |
| acunetix | Vulnerability discovery | Automatically creates a group for the site and starts scans of the subdomains to find vulnerabilities |
| nuclei | Vulnerability discovery | Uses all found active subdomains to search for vulnerabilities |
