Subdomain finder
https://github.com/tomnomnom/assetfinder
assetfinder <domain>
--subs-only
Better: save the output to a file and work from that file.
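#!/bin/bash
# Enumerate subdomains of one domain with assetfinder and append the in-scope
# hostnames to <domain>/recon/f.txt.
#
# Usage:    <script> <domain>
# Requires: assetfinder on PATH.
# Exit:     2 on a missing or malformed domain; non-zero if assetfinder fails.
set -euo pipefail

domain=${1:-}

# The argument is used as a directory name and passed to external tools, so
# accept only a plain dotted hostname: no "/", no "..", no leading "-".
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! $domain =~ $hostname_re ]]; then
  printf 'usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

recon_dir="$domain/recon"
mkdir -p -- "$recon_dir"

# Keep only the domain itself and names ending in ".<domain>". A plain
# substring match (grep "$1") treats "." as a wildcard and also keeps
# look-alikes such as "example.com.other.net", which are outside the domain
# being inventoried.
assetfinder "$domain" \
  | awk -v d="$domain" '
      BEGIN { d = tolower(d) }
      { h = tolower($0) }
      h == d || (length(h) > length(d) && substr(h, length(h) - length(d)) == "." d)
    ' >> "$recon_dir/f.txt"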
https://github.com/OWASP/Amass
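#!/bin/bash
# Enumerate subdomains of one domain with assetfinder and amass.
#
# Usage:    <script> <domain>
# Requires: assetfinder and amass on PATH.
# Outputs:  <domain>/recon/final.txt   in-scope assetfinder results (appended)
#           <domain>/recon/finals.txt  de-duplicated union of both tools,
#                                      merged with any list from earlier runs
# Exit:     2 on a missing or malformed domain; non-zero if a tool fails.
set -euo pipefail

domain=${1:-}

# The argument is used as a directory name and passed to external tools, so
# accept only a plain dotted hostname: no "/", no "..", no leading "-".
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! $domain =~ $hostname_re ]]; then
  printf 'usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

recon_dir="$domain/recon"
mkdir -p -- "$recon_dir"

# Scratch list inside the recon directory; removed on every exit path so a
# failed run cannot leave stale names for the next one to pick up.
work=$(mktemp "$recon_dir/hosts.XXXXXX")
trap 'rm -f -- "$work"' EXIT

# Keep only the domain itself and names ending in ".<domain>". A plain
# substring match (grep "$1") treats "." as a wildcard and also keeps
# look-alikes such as "example.com.other.net".
assetfinder "$domain" \
  | awk -v d="$domain" '
      BEGIN { d = tolower(d) }
      { h = tolower($0) }
      h == d || (length(h) > length(d) && substr(h, length(h) - length(d)) == "." d)
    ' > "$work"
cat -- "$work" >> "$recon_dir/final.txt"

# amass output is merged unfiltered, as before. Previously only amass results
# reached finals.txt; the assetfinder names in "$work" are now part of the
# union as well.
amass enum -d "$domain" >> "$work"

# Merge with the existing list instead of appending, so repeated runs do not
# reintroduce duplicates after sort -u.
touch -- "$recon_dir/finals.txt"
sort -u -o "$recon_dir/finals.txt" -- "$recon_dir/finals.txt" "$work"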
Alive probe
https://github.com/tomnomnom/httprobe
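cat <http list> | sort -u | httprobe -s | sed 's/https\?:\/\///' | tr -d ':443'
Note: -s skips httprobe's default probes, so it needs an explicit -p <proto:port>. tr -d ':443' deletes every ':', '4' and '3' character rather than the ':443' suffix, so hostnames containing those digits are altered; sed 's/:443$//' removes only the port.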
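#!/bin/bash
# Enumerate subdomains of one domain with assetfinder and amass, then record
# which of them answer on HTTPS.
#
# Usage:    <script> <domain>
# Requires: assetfinder, amass and httprobe on PATH.
# Outputs:  <domain>/recon/final.txt   in-scope assetfinder results (appended)
#           <domain>/recon/finals.txt  de-duplicated union of both tools,
#                                      merged with any list from earlier runs
#           ./alive.txt                responding hosts (appended; written to
#                                      the current directory, as before)
# Exit:     2 on a missing or malformed domain; non-zero if a tool fails.
set -euo pipefail

domain=${1:-}

# The argument is used as a directory name and passed to external tools, so
# accept only a plain dotted hostname: no "/", no "..", no leading "-".
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if [[ ! $domain =~ $hostname_re ]]; then
  printf 'usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

recon_dir="$domain/recon"
mkdir -p -- "$recon_dir"

# Scratch list inside the recon directory; removed on every exit path so a
# failed run cannot leave stale names for the next one to pick up.
work=$(mktemp "$recon_dir/hosts.XXXXXX")
trap 'rm -f -- "$work"' EXIT

# Keep only the domain itself and names ending in ".<domain>". A plain
# substring match (grep "$1") treats "." as a wildcard and also keeps
# look-alikes such as "example.com.other.net".
assetfinder "$domain" \
  | awk -v d="$domain" '
      BEGIN { d = tolower(d) }
      { h = tolower($0) }
      h == d || (length(h) > length(d) && substr(h, length(h) - length(d)) == "." d)
    ' > "$work"
cat -- "$work" >> "$recon_dir/final.txt"

# amass output is merged unfiltered, as before. Previously only amass results
# reached finals.txt; the assetfinder names in "$work" are now part of the
# union as well.
amass enum -d "$domain" >> "$work"

# Merge with the existing list instead of appending, so repeated runs do not
# reintroduce duplicates after sort -u.
touch -- "$recon_dir/finals.txt"
sort -u -o "$recon_dir/finals.txt" -- "$recon_dir/finals.txt" "$work"

# Probe the merged list. The original read recon/f.txt after deleting it, so
# the probe never received any input.
#  - -s skips httprobe's default probes, so the port is named with -p.
#  - The scheme and the ":443" suffix are stripped with anchored sed
#    expressions; tr -d ':443' removed every ':', '4' and '3' character and
#    corrupted names such as "api3.example.com".
httprobe -s -p https:443 < "$recon_dir/finals.txt" \
  | sed -E -e 's#^https?://##' -e 's#:443$##' >> alive.txt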