Advanced subdomain discovery tool for active and passive information gathering.

cryxnet/subvance

Subvance

Subvance is an advanced subdomain discovery tool that can actively or passively discover subdomains of a domain. It uses techniques like brute-forcing, Google dorks, certificate fingerprinting, and querying databases to generate a list of potential subdomains. The tool is efficient and can help improve overall security.

Installation

To install the project and its dependencies, follow these steps:

  1. Clone the repository to your local machine:
     git clone https://github.com/cryxnet/subvance.git
  2. Navigate to the project directory:
     cd subvance
  3. Create a virtual environment for the project:
     python -m venv venv
  4. Activate the virtual environment:

     On Windows:

     venv\Scripts\activate

     On macOS or Linux:

     source venv/bin/activate
  5. Install the project dependencies:
     pip install -r requirements.txt
  6. Run subvance.py with the desired arguments (see Usage):
     python subvance.py <args>

Usage

subvance.py [-h] [-o OUTPUT_FILE_PATH] [--cert-fingerprint] [--brute-force] [--google-dorks] [--passive] [--active]
            [--all] [--wordlist WORDLIST_PATH]
            domain

Techniques

Active Techniques

Bruteforcing

  • Brute force guessing of subdomains by trying out common or random strings in the domain name

Passive Techniques

Certificate Fingerprinting

  • Extracting subdomains from SSL/TLS certificates of a domain or its subdomains
  • As the data source, we use the crt.sh database.
  • Note: the crt.sh database is currently not always available. If a query fails, the error is shown in the logs: ERROR - Failed certificate fingerprinting for domain: example.com with status code: 502 (or another status code)
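
How a crt.sh-style response can be reduced to a clean, in-scope host list when inventorying your own domain's certificates, as an added example (not Subvance's own code). It assumes JSON records with `common_name` and `name_value` fields; the function names and the sample data are constructed for illustration.

```python
import json
import logging

log = logging.getLogger("ct_example")

# Constructed sample of a crt.sh-style JSON response (not real data).
SAMPLE_BODY = json.dumps([
    {"common_name": "example.com", "name_value": "example.com\nwww.example.com"},
    {"common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\nAPI.example.com."},
    {"common_name": "mail.example.com",
     "name_value": "mail.example.com\nadmin@example.com"},
    {"common_name": "cdn.example.net", "name_value": "cdn.example.net\nnotexample.com"},
])

def normalize(name):
    """Lower-case a certificate name, drop a trailing dot and a wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(name, domain):
    """True only for the domain itself or a subdomain on a label boundary."""
    return name == domain or name.endswith("." + domain)

def extract_subdomains(status_code, body, domain):
    """Return the sorted in-scope host names found in a crt.sh-style response."""
    domain = normalize(domain)
    if status_code != 200:
        # Same failure the README describes, e.g. a 502 from crt.sh.
        log.error("Failed certificate fingerprinting for domain: %s "
                  "with status code: %s", domain, status_code)
        return []
    try:
        records = json.loads(body)
    except json.JSONDecodeError:
        log.error("Non-JSON response body for domain: %s", domain)
        return []
    found = set()
    for record in records if isinstance(records, list) else []:
        if not isinstance(record, dict):
            continue
        # Assumption: name_value lists the certificate's names, one per line.
        names = str(record.get("name_value", "")).split("\n")
        names.append(str(record.get("common_name", "")))
        for name in map(normalize, names):
            if not name or "@" in name or " " in name:
                continue  # e-mail SANs and free-text CNs are not host names
            if in_scope(name, domain):
                found.add(name)
    return sorted(found)
```

The label-boundary check in `in_scope` is what keeps look-alike names such as `notexample.com` out of the inventory.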

Google Dorks

  • With the power of Google dorks, we collect indexed subdomains.

Roadmap

-- Current State --

  • Bruteforcing (active discovery)
  • Google dorks discovery (passive discovery)
  • Certificate Fingerprinting (passive discovery)

-- Active --

  • Zone Transfer
  • DNS Records
  • Content Security Policy (CSP) Header

Disclaimer

YOUR USAGE OF THIS PROJECT CONSTITUTES YOUR AGREEMENT TO THE FOLLOWING TERMS:

    THE MISUSE OF THE DATA PROVIDED BY THIS PROJECT AND ITS MALWARES MAY LEAD TO CRIMINAL CHARGES AGAINST THE PERSONS CONCERNED.

    I DO NOT TAKE ANY RESPONSIBILITY FOR THE CASE. USE THIS PROJECT ONLY FOR RESEARCH PURPOSES, EDUCATIONAL PURPOSES & ETHICAL ONLY.

    Subvance is a project related to Computer Security and for Educational Purposes and not a project that promotes illegal activities.

    Don't use this Project for any illegal activities.

    If something happens, we do not take any liability.

    Subvance should be considered as a project for educational purposes.

Author

Created by cryxnet

If you find this project helpful, please give it a ⭐️ on GitHub to show your support. I would also appreciate it if you shared it with others who might find it useful!
