This bash script automates the process of subdomain enumeration, identifying alive subdomains, taking screenshots of them, and conducting port scanning using various tools.
Ensure you have the following tools installed on your system:
- subfinder
- assetfinder
- httprobe
- gowitness
- nmap
- Clone the repository:
git clone https://github.com/daveylupes/subdomainfinder.git
cd subdomainfinder- Make the script executable:
chmod +x ssubdomainfinder.sh- Run the script with your desired domain as an argument:
./subdomainfinder.sh example.comThe script creates the following directories to store the results:
subdomains: Contains the list of found subdomains.screenshots: Contains the screenshots of alive subdomains.scans: Contains the results of the nmap scan.
-
Subdomain Enumeration:
- Uses
subfinderandassetfinderto find subdomains associated with the specified domain.
- Uses
-
Finding Alive Subdomains:
- Filters out the subdomains that respond to HTTP/HTTPS requests using
httprobe. - Saves the alive subdomains to a file.
- Filters out the subdomains that respond to HTTP/HTTPS requests using
-
Taking Screenshots:
- Utilizes
gowitnessto capture screenshots of the alive subdomains.
- Utilizes
-
Port Scanning:
- Executes a port scan on the alive subdomains using
nmap.
- Executes a port scan on the alive subdomains using
This script is inspired by the teachings of TCM (The Cyber Mentor).
- Uncomment the
amasssection if you have it installed and prefer to use it for subdomain enumeration. - Adjust the script according to your preferences and requirements.