Sub.Sh – Online Subdomain Detect Script

Ultimate subdomain enumerator, using certspotter, crt.sh, amass, subfinder and web archive in one script.

Sub.sh Usage 🎯

bash sub.sh webscantest.com 
./sub.sh webscantest.com 


Curl 🎯

curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh | bash -s webscantest.com 


Subdomain Alive Check 🎯

bash sub_alive.sh bing.com 
curl -s -L https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub_alive.sh | bash -s bing.com

‼️ fping required
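
The curl one-liners above execute whatever the master branch serves at the moment of the request. As an added example (not part of sub.sh; `run_pinned` and `sha256_of` are hypothetical helper names), this saves the script first and runs it only if its SHA-256 matches a digest recorded after review:

```shell
#!/usr/bin/env bash
# Added example: run a downloaded script only if it matches a reviewed digest.
# run_pinned and sha256_of are hypothetical helpers, not part of sub.sh.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'   # macOS / BSD fallback
    fi
}

# run_pinned FILE EXPECTED_SHA256 [ARGS...]
# Returns 2 if FILE is missing and 3 on digest mismatch (nothing is executed
# in either case); otherwise returns the script's own exit status.
run_pinned() {
    local file="$1" expected="$2" actual
    shift 2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    # Normalise case: digests are sometimes published in uppercase hex.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$expected" != "$actual" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 3
    fi
    bash "$file" "$@"
}

# Typical flow (network steps left as comments so the block runs offline):
#   curl -sSfL -o sub.sh https://raw.githubusercontent.com/cihanmehmet/sub.sh/master/sub.sh
#   less sub.sh                  # read the script before trusting it
#   sha256_of sub.sh             # record this digest after review
#   run_pinned sub.sh <recorded-digest> webscantest.com
```

A later download that differs from the reviewed copy fails the comparison and is not executed.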


🔓 Nmap -sn (No port scan) scan live IP detection script

fping -f ip.txt 

Usage: bash nmap_sn.sh ip.txt


#!/bin/bash
# Ping-scan (no port scan) the hosts listed in $1 and save the unique IPv4 addresses that responded to result_$1
nmap -sn -iL "$1" | grep "Nmap scan report for" | grep -Eo "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | sort -u | tee "result_$1"

echo "Detect IP $(wc -l "result_$1" | awk '{ print $1 }') => result_${1} saved"
echo "File Location : $(pwd)/result_$1"

Other Resources for subdomain Detection

📜 DNSGEN generates combinations of domain names from the provided input. 🌀 dnsgen

DNSGEN install

pip install dnsgen 

🔖 Sample usage

Usage 1 (fping) 🎯

cat domains.txt | dnsgen - |fping|grep "alive"|cut -d " " -f1>resolvers.txt 

Usage 2 (httprobe) 🎯

cat domains.txt | dnsgen - |httprobe|cut -d "/" -f3|sort -u |tee resolvers.txt 


Author Details

Github: Cihan Mehmet

Source : Haxf4rall
