Sudomy v1.2.1dev releases: analyze domains and collect subdomains in fast and comprehensive way

Sudomy

Sudomy

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way.

Features!

For a recent time, Sudomy has these 9 features:
  • Easy, light, fast and powerful. A bash script is available by default in almost all Linux distributions. By using the bash script multiprocessing feature, all processors will be utilized optimally.
  • Subdomain enumeration process can be achieved by using an active method or passive method
    • Active Method
      • Sudomy utilizes Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contain around 3 million entries
    • Passive Method
      • By selecting the third-party sites, the enumeration process can be optimized. More results will be obtained with less time required. Sudomy can collect data from these well-curated 16 third-party sites:
          https://dnsdumpster.com
          https://web.archive.org
          https://shodan.io
          https://virustotal.com
          https://crt.sh
          https://www.binaryedge.io
          https://securitytrails.com
          https://sslmate.com/certspotter
          https://censys.io
          https://threatminer.org
          http://dns.bufferover.run
          https://hackertarget.com
          https://www.entrust.com/ct-search/
          https://www.threatcrowd.org
          https://riddler.io
          https://findsubdomains.com
  • Test the list of collected subdomains and probe for working http or https servers. This feature uses a third-party tool, httprobe.
  • Subdomain availability test based on Ping Sweep and/or by getting HTTP status code.
  • The ability to detect virtualhost (several subdomains which resolve to single IP Address). Sudomy will resolve the collected subdomains to IP addresses, then classify them if several subdomains resolve to single IP address. This feature will be very useful for the next penetration testing/bug bounty process. For instance, in port scanning, single IP address won’t be scanned repeatedly
  • Performed port scanning from collected subdomains/virtualhosts IP Addresses
  • Testing the Subdomain TakeOver attack
  • Taking Screenshots of subdomains
  • Report output in HTML or CSV format

Changelog  [v1.2.1 dev]

  • Update – Added Feature Generate Network Graph Visualization Subdomain & Virtualhosts
    • Fixing Bug on Engine/Resources

Sudomy is using cURL library in order to get the HTTP Response Body from third-party sites to then execute the regular expression to get subdomains. This process fully leverages multiprocessors, more subdomains will be collected with less time consumption.

Usage

/ __|_  _ __| (_)(_)_ __ _  _

\__ \ || / _ / __ \ ' \ || |
|___/\_,_\__,_\____/_|_|_\_, |
|__/ v{1.1.0#dev} by @screetsec
Sud⍥my - Fast Subdmain Enumeration and Analyzer
http://github.com/screetsec/sudomy

Usage: sud⍥my.sh [-h [--help]] [-s[--source]][-d[--domain=]]

Example: sud⍥my.sh -d example.com
sud⍥my.sh -s Shodan,VirusTotal -d example.com
sud⍥my.sh -pS -rS -sC -nT -sS -d example.com

Optional Arguments:
-a, --all Running all Enumeration, no nmap & gobuster
-b, --bruteforce Bruteforce Subdomain Using Gobuster (Wordlist: ALL Top SecList DNS)
-d, --domain domain of the website to scan
-h, --help show this help message
-o, --html Make report output into HTML
-s, --source Use source for Enumerate Subdomain
-tO, --takeover Subdomain TakeOver Vulnerabilty Scanner
-pS, --ping-sweep Check live host using methode Ping Sweep
-rS, --resolver Convert domain lists to resolved IP lists without duplicates
-sC, --status-code Get status codes, response from domain list
-nT, --nmap-top Port scanning with top-ports using nmap from domain list
-sS, --screenshot Screenshots a list of website
-nP, --no-passive Do not perform passive subdomain enumeration
--no-probe Do not perform httprobe

 

 

 

 

 

Demo

http://www.youtube.com/watch?v=DpXIBUtasn0

Installation

Copyright (c) 2019 ᴱᴰᴼ ᴹᴬᴸᴬᴺᴰ