Enumall is a Python-based tool that performs subdomain discovery with a single command by combining the capabilities of Recon-ng and AltDNS.
It also lets you run multiple domains within the same session. Only one module needs an API key (/api/google_site); instructions for that are on the recon-ng wiki.
Setting up Enumall for Subdomain Discovery
Install Recon-ng from source. First, clone the Recon-ng repository:
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Change into the Recon-ng directory:
cd recon-ng
Install dependencies:
pip install -r REQUIREMENTS
Link the installation directory to /usr/share/recon-ng
ln -s /$recon-ng_path /usr/share/recon-ng
Optionally (highly recommended) download:
– AltDNS
– A good subdomain bruteforce list (example here)
Create the config.py file and specify the paths to Recon-ng and AltDNS as shown in config_sample.py.
Basic Usage for Subdomain Enumeration
./enumall.py domain.com
Also supports:
-w to run a custom wordlist with recon-ng
-a to use alt-dns
-p to feed a custom permutations list to alt-dns (requires -a flag)
-i to feed a list of domains (can also type extra domains into the original command)
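As an added example (not part of Enumall or the original article), this Python helper prepares the domain list for -i: it validates hostnames, keeps only those inside an authorized scope, and builds the command line from the flags listed above. It assumes the -i file holds one domain per line and that -a takes no argument; clean_domains, build_command and the file names are hypothetical.

```python
import re

# Hostname syntax: dot-separated labels of letters, digits and hyphens,
# 1-63 chars each, no leading or trailing hyphen, at least two labels.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")


def clean_domains(lines, authorized):
    """Return (accepted, rejected). A name is accepted only if it is valid
    and equals, or is a subdomain of, an entry in the authorized list."""
    scope = {d.lower().rstrip(".") for d in authorized}
    accepted, rejected = [], []
    for raw in lines:
        name = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not name:
            continue  # blank line or comment
        in_scope = any(name == s or name.endswith("." + s) for s in scope)
        if _DOMAIN_RE.match(name) and len(name) <= 253 and in_scope:
            if name not in accepted:  # drop duplicates, keep order
                accepted.append(name)
        else:
            rejected.append(raw.strip())
    return accepted, rejected


def build_command(list_file, altdns=False, permutations=None, wordlist=None):
    """Build the enumall.py argv using only the flags listed on this page."""
    if permutations and not altdns:
        raise ValueError("-p requires the -a flag")
    argv = ["./enumall.py", "-i", list_file]
    if wordlist:
        argv += ["-w", wordlist]
    if altdns:
        argv.append("-a")
    if permutations:
        argv += ["-p", permutations]
    return argv


if __name__ == "__main__":
    # Constructed sample input; example.com stands in for the authorized scope.
    sample = ["Example.com", "dev.example.com.", "# note", "other.test",
              "bad_name.example.com", "example.com"]
    ok, bad = clean_domains(sample, ["example.com"])
    print("accepted:", ok)
    print("rejected:", bad)
    print(build_command("domains.txt", altdns=True, permutations="perms.txt"))
```

Write the accepted names to the list file one per line and review the rejected ones by hand before running the command.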
You can download Enumall here:
Or read more here.
Source: DarkNet