Subrake: Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters

SUBRAKE

A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.

Key Features

• OSINT + Subdomain Bruteforcing
• Capable of handling outputs from multiple tools
• Handling False Positives and Filters subdomains with same resolutions.
• Checking for Server Banners and Ports
• Incredibly Fast
• Handling domains with larger scopes
• Port Scanning

Install

$ git clone https://github.com/hash3liZer/Subrake.git
$ cd Subrake/
$ python3 setup.py install

Use

Subrake is highly flexible and is made to work in different situations. It can parse output files from multiple tools collectively. It does OSINT search alongside wordlist bruteforcing and before actual bruteforcing, it removes similar subdomains and false positives. It does also support a filter which when supplied allows you to seperate subdomains with the same IP addresses in the final CSV result. Let’s see some of the Subrake uses:

A simple run with OSINT results from search engines:

Subrake with Multiple Threads:

Subrake with OSINT results + SecLists subdomains list:

Subrake with OSINT results + Multiple SecLists subdomains list:
Note: Subdomains with similar names will automatically be filtered and counted as 1

Subrake without OSINT + Output from multiple tools combined + IP Filtering:

Subrake without DNS + OSINT:

Subrake with Port Scanning:
NOTE: Port 80,443 will be scanned by default for every host under the HTTP/HTTPS banner. So, there’s no need to specify them here

Copyright (C) 2021 hash3liZer

Source: https://github.com/hash3liZer/