Frogy's Subdomain Enumeration - It's not yet another Subdomain Enumeration tool

It combines several subdomain tools, using brute force and other techniques, to identify more subdomains.

  • Requirements: Go Language, Python 3.+, jq

  • Tools used - You must install these tools and place them in the /usr/bin folder to use this script

    • SubFinder - the binary must be named 'subfinder'
    • Assetfinder - the binary must be named 'assetfinder'
    • Findomain - the binary must be named 'findomain-linux'
    • httprobe - the binary must be named 'httprobe'
    • anew - the binary must be named 'anew'
    • massdns - the binary must be named 'massdns'

    You might need to install WHOIS and JQ, depending on your environment. You can install them using the following commands:

     apt install jq
     apt install whois
    
  • Installation

    git clone https://github.com/iamthefrogy/frogy.git
    cd frogy
    chmod +x frogy.sh.x
    
  • Usage

    ./frogy.sh.x
    
  • Output

    Output is saved to the output/ORG/ORG.master file.
    If tesla.com is your target, the output file will be output/tesla/tesla.master
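
A preflight check for the requirements listed above, as an added example that is not part of the frogy repository. The function names, the optional directory argument, and the command names used for Go, Python 3, jq and WHOIS are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the exact binary names this README requires.
# Function names and the directory argument are assumptions, not frogy code.

FROGY_TOOLS="subfinder assetfinder findomain-linux httprobe anew massdns"
# Command names assumed for "Go Language, Python 3.+, jq" and WHOIS.
FROGY_HELPERS="go python3 jq whois"

# Print one line per tool that is absent from, or not executable in, the
# given directory (default /usr/bin). Prints nothing when all are in place.
frogy_missing_tools() {
    _dir="${1:-/usr/bin}"
    for _t in $FROGY_TOOLS; do
        if [ ! -f "$_dir/$_t" ]; then
            echo "missing: $_dir/$_t"
        elif [ ! -x "$_dir/$_t" ]; then
            echo "not-executable: $_dir/$_t"
        fi
    done
}

# Print one line per helper command that cannot be found on PATH.
frogy_missing_helpers() {
    for _h in $FROGY_HELPERS; do
        command -v "$_h" >/dev/null 2>&1 || echo "not-on-path: $_h"
    done
}

# Combine both checks; return 0 only when nothing is reported.
frogy_preflight() {
    _report=$(frogy_missing_tools "${1:-/usr/bin}"; frogy_missing_helpers)
    if [ -n "$_report" ]; then
        printf '%s\n' "$_report" >&2
        return 1
    fi
    return 0
}
```

Source the block and call `frogy_preflight` before `./frogy.sh.x`; pass a directory as the first argument to check a location other than /usr/bin.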
    

TODO

  • Efficient folder structure management
  • Resolving subdomains using Massdns
  • Add dnscan for extended subdomain enum scope
  • Add scope for extended subdomain enum scope
  • Eliminate false positives. Currently around 2% to 4% false positives are there.
  • Removed resolving part
  • Find live URLs on standard (80, 443) and non-standard ports (8080, 8443, 8888, etc.)

Thanks to the authors of the tools used in this script.

Warning: This is just a research project. Kindly use it with caution and at your own risk.
