Subdomain brute force focused on speed and data serialization. SimplyDomain uses a framework approach to build and deploy modules within. This allows for fast, easy and concise output to feed into larger OSINT feeds.
- Easy install - support as many NIX based platforms.
- Pure Python - no other arbitrary setup processes and Python-3 support
- Expose public API - allows for simplydomain to integrate into other toolsets.
You have a few fundamental choices when installing simplydomain; you can use your host systems python install, you can use virtualenv to ensure maximum capability, or Docker to have a clean environment.
pip3 install simplydomainor
python3 -m pip install simplydomaingit clone git@github.com:SimplySecurity/simplydomain-pkg.git | cd simplydomain-pkg
python3 -m pip installsimplydomain supports a bin directory which is installed during the Python Setup PKG install. This now allows users to use their terminal of choice to use simplydomain.
To display Help:
simply_domain.py -h To run a basic passive sub-domain search:
simply_domain.py -all uber.comThe developed Dockerfile provides you with an easy way to spin up an instance and gain results in a short period without breaking certain dependencies. I highly suggest you use docker Volumes to ensure data persistence:
docker run -ti simplysecurity/simplydomain -hThe simplydomain Python package allows you to expose a few critical areas of simplydomain to enable you easily extend or implement simplydomain in existing projects.
For reference the exposed API lives at https://github.com/SimplySecurity/simplydomain-pkg/simplydomain/__init__.py
Since simplydomain really at the core is a suite of high-level functions, there are only a few High Level API calls that can be made. For this reason, the exposed api is purely functioning vs. Class structures.
import simplydomain
simplydomain.<function>()simplydomain consists of many Dynamic modules and Static modules too allow a programmer to search a large subset of sources for subdomains easily. Within the simplydomain API, this concept is broken down into executing a large scale search function, and specific Static modules.
Executes the main search function(s) of simplydomain.
Required Parameters:
- domain (str) - sets the domain to search sub-domains for
Optional Parameters:
- config (dict) - sets the JSON config settings
- dnsservers (list) - sets a list of DNS servers for resolving Questions
- debug (bool) - sets the log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
- verbose (bool) - set to enable verbose console messaging
- wordlist_bruteforce (bool) - sets to enable wordlist bruteforcing
- wordlist_count (bool) - top sub-domains count to bruteforce (1-1000000)
- raw_bruteforce (bool) - set to enable to brute force keyspace
- raw_depth (int) - depth to brute force keyspace (1-5)
- return_type (str) - (dict || json)
Implemented Definition
simplydomain.execute_search(
domain,
config={},
dnsservers=[],
debug='CRITICAL',
verbose=False,
wordlist_bruteforce=True,
wordlist_count=100,
raw_bruteforce=True,
raw_depth=3,
return_type='json',
):Example(s)
>>> import simplydomain
>>> simplydomain.execute_search()Executes the static raw brute-force module of simplydomain. This allows simplydomain to generate all applicable RFC character sets off a subdomain keyspace. This can range from 1 char() to 5 char() which can feasibly be brute forced.
Required Parameters:
- domain (str) - sets the domain to search sub-domains for
Optional Parameters:
- config (dict) - sets the JSON config settings
- dnsservers (list) - sets a list of DNS servers for resolving Questions
- debug (bool) - sets the log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
- verbose (bool) - set to enable verbose console messaging
- wordlist_bruteforce (bool) - sets to enable wordlist bruteforcing
- wordlist_count (bool) - top sub-domains count to bruteforce (1-1000000)
- raw_bruteforce (bool) - set to enable to brute force keyspace
- raw_depth (int) - depth to brute force keyspace (1-5)
- return_type (str) - (dict || json)
Implemented Definition
simplydomain.execute_raw_bruteforce(
domain,
config={},
dnsservers=[],
debug='CRITICAL',
verbose=False,
wordlist_count=0,
return_type='json',
wordlist_bruteforce=False,
raw_bruteforce=True,
raw_depth=2
):Example(s)
>>> import simplydomain
>>> simplydomain.execute_raw_bruteforce('uber.com', raw_depth=3)
'{"args": {"debug": true, "domain": "uber.com",..}, "data":...."}'Executes the static wordlist brute-force module of simplydomain. This allows simplydomain to get a range() of X subdomains for to be brute-forced. This can range from 1-1 Million words.
Required Parameters:
- domain (str) - sets the domain to search sub-domains for
Optional Parameters:
- config (dict) - sets the JSON config settings
- dnsservers (list) - sets a list of DNS servers for resolving Questions
- debug (bool) - sets the log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
- verbose (bool) - set to enable verbose console messaging
- wordlist_bruteforce (bool) - sets to enable wordlist bruteforcing
- wordlist_count (bool) - top sub-domains count to bruteforce (1-1000000)
- raw_bruteforce (bool) - set to enable to brute force keyspace
- raw_depth (int) - depth to brute force keyspace (1-5)
- return_type (str) - (dict || json)
Implemented Definition
simplydomain.execute_raw_bruteforce(
domain,
config={},
dnsservers=[],
debug='CRITICAL',
verbose=False,
wordlist_count=100,
return_type='json',
wordlist_bruteforce=True,
raw_bruteforce=False,
raw_depth=0
):Example(s)
>>> import simplydomain
>>> simplydomain.execute_raw_bruteforce('uber.com', wordlist_count=100)
'{"args": {"debug": true, "domain": "uber.com",..}, "data":...."}'