Skip to content
My BugBounty helper tool
Branch: master
Clone or download
Latest commit 6a36d84 Mar 21, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
lib
old/version
README.md
domainker.py
requirements.txt

README.md

Domainker (Beta)

My personal bugbounty tool

How to use

I developed this tool to be easily managed and upgraded so i created it as small plugin systems connected together

Plugins and usage

lib\modules\experimental\cache_poisoning.py : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\modules\crlf.py  : [--crlf] Check if host is vulnerable to CRLF
lib\modules\aws.py   : [--aws] Check if target is hosted on amazon (Use -x to run Auto-Takeover)
lib\modules\cname.py : [--dns] Return host cname
lib\modules\url.py   : [--url] Return host response code also detects directory listing/communications over HTTP (Use -H to check for missing headers)

Basic usage

$ python domainker.py -i google.com [.. Plugins]
$ python domainker.py -d mydomains_list.txt [.. Plugins]
$ python domainker.py -d mydomains_list.txt --url
$ python domainker.py -d mydomains_list.txt --dns

You could also use multiple plugins at the same time

$ python domainker.py -d mydomains_list.txt --url --dns --aws ...
$ python domainker.py -i google.com --url --dns --aws ...

Options

$ python domainker --help
  • Create output file [--output/-o file_name]
  • Threads count [--threads/-t number]
  • Takeover aws [--aws-takeover/-x]
  • Missing headers [--headers/-H]
  • Thread timeout [--thread-timeout/-T seconds]
  • Request timeout [--request-timeout/-rt seconds]

Format

I want to add different formats at the future but currently this tool only supports this formats for the input file

https://sub.domain.com  
http://sub.domain.com  
sub.domain.com  
.sub.domain.com

Which generated by:

  • amass
  • aquatone (hosts.txt)
  • subfinder
  • sublist3r
    ... and many other subdomain finders
You can’t perform that action at this time.