Programatically uses a few subdomain recon tools to enumerate subdomains for a target domain
You need the following subdomain recon tools installed and in your PATH:
- Amass
- Subfinder
- Assetfinder
- Chaos
- BBRecon API key
- https://bugbountyrecon.com/
- Add the API key into BBR_API_KEY in the script.
usage: subz.py [-h] [-t TARGET] [-s SCOPE] [-d] [-v]
Programatically uses a few subdomain recon tools to enumerate subdomains for a
target domain
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
Specify the single domain you'd like to enumerate
subdomains for. e.g. uber.com
-s SCOPE, --scope SCOPE
Display the in-scope web assets from HackerOne.
Specify slug. e.g. 'yelp' or 'verizonmedia'
-d, --mkdirs Create directory structure using in-scope web assets
from HackerOne. Requires '-s' flag.'
-v, --verbose Enable slightly more verbose console outputPulls from HackerOne using valid slug.
Slug is usually the endpoint used to reach the scope page for the program. e.g. https://hackerone.com/paypal
python3 subz.py -s paypal
Requires the -s flag
python3 subz.py -s paypal -d
- Add
-vfor verbosity. Lets you see what command is running for each tool. - Will use Amass, Assetfinder Subfinder, Chaos for subdomain enumeration.
- The results will be output files for each tool. There will be a
final.{target}.txtfile with everything sorted and deduped for you in 1 file :)
python3 subz.py -t paypal.me