Skip to content
My BugBounty helper tool
Branch: master
Clone or download
Latest commit 6a36d84 Mar 21, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.

Domainker (Beta)

My personal bugbounty tool

How to use

I developed this tool to be easily managed and upgraded so i created it as small plugin systems connected together

Plugins and usage

lib\modules\experimental\ : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\modules\  : [--crlf] Check if host is vulnerable to CRLF
lib\modules\   : [--aws] Check if target is hosted on amazon (Use -x to run Auto-Takeover)
lib\modules\ : [--dns] Return host cname
lib\modules\   : [--url] Return host response code also detects directory listing/communications over HTTP (Use -H to check for missing headers)

Basic usage

$ python -i [.. Plugins]
$ python -d mydomains_list.txt [.. Plugins]
$ python -d mydomains_list.txt --url
$ python -d mydomains_list.txt --dns

You could also use multiple plugins at the same time

$ python -d mydomains_list.txt --url --dns --aws ...
$ python -i --url --dns --aws ...


$ python domainker --help
  • Create output file [--output/-o file_name]
  • Threads count [--threads/-t number]
  • Takeover aws [--aws-takeover/-x]
  • Missing headers [--headers/-H]
  • Thread timeout [--thread-timeout/-T seconds]
  • Request timeout [--request-timeout/-rt seconds]


I want to add different formats at the future but currently this tool only supports this formats for the input file

Which generated by:

  • amass
  • aquatone (hosts.txt)
  • subfinder
  • sublist3r
    ... and many other subdomain finders
You can’t perform that action at this time.