#!/usr/bin/env python
# enumall is a refactored script that identifies subdomains using several techniques and tools.
# Relying heavily on the stellar Recon-NG framework and Alt-DNS, enumall will identify subdomains via search engine
# scraping (yahoo, google, bing, baidu), identify subdomains using common OSINT sites (shodan, netcraft), identify
# concatenated subdomains (altDNS), and brute-force with a stellar subdomain list (formed from Bitquark's subdomain
# research, Seclists, Knock, Fierce, Recon-NG, and more).
# The links to that subdomain list and to the Alt-DNS download were not preserved in this copy of the file.
# by @jhaddix and @leifdreizler
import argparse
import datetime
import os
import re
import subprocess
import sys
import time

from config import *
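# Install locations of the external tools this script drives. These
# assignments run after `from config import *`, so they replace any values of
# the same name that config provides.
reconPath = "/usr/share/recon-ng/"
altDnsPath = "/root/Desktop/altdns-master/"

# Every directory placed on sys.path is searched by all later imports, so a
# module dropped into either location can shadow the intended package. Keep
# both directories writable only by the account that runs this script.
# NOTE(review): the listing defined reconPath but never used it, while the
# recon imports below need the Recon-NG tree to be importable; the insert is
# restored on that basis -- confirm against the upstream file.
sys.path.insert(0, reconPath)
from recon.core import base
from recon.core.framework import Colors

if altDnsPath:
    sys.path.insert(1, altDnsPath)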
def run_module(reconBase, module, domain):
    """Load a Recon-NG module and point its SOURCE option at *domain*.

    Args:
        reconBase: Framework object; only its ``do_load`` method is used here.
        module: Module path handed to ``do_load``.
        domain: Value appended verbatim to the ``SOURCE`` option string, so
            callers should pass an already validated hostname.

    NOTE(review): as shown in this listing the module is loaded and
    configured but never started; a run step may have been lost from this
    copy of the file -- confirm against upstream.
    """
    loaded = reconBase.do_load(module)
    source_option = "SOURCE " + domain
    loaded.do_set(source_option)
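def run_recon(domains, bruteforce):
    """Configure Recon-NG discovery, brute-force and reporting modules.

    Args:
        domains: Non-empty list of domain names. The first entry names the
            workspace and the report files, so it ends up inside a file
            path and must be a plain hostname (no path separators).
        bruteforce: Path to a subdomain wordlist, or a falsy value to use
            the hostname list under /usr/share/recon-ng/data/.

    Raises:
        IndexError: If ``domains`` is empty.

    NOTE(review): nothing in this listing starts a loaded module or applies
    ``wspace`` to the framework object; those steps look lost from this copy
    of the file -- confirm against upstream before relying on this function.
    """
    # Workspace name: first domain followed by minute:hour-month_day_year.
    # NOTE(review): the call around the format string was truncated in the
    # listing; strftime on the current local time is assumed.
    stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y')
    wspace = domains[0] + stamp

    reconb = base.Recon(base.Mode.CLI)
    module_list = [
        "recon/domains-hosts/bing_domain_web",
        "recon/domains-hosts/google_site_web",
        "recon/domains-hosts/netcraft",
        "recon/domains-hosts/shodan_hostname",
        "recon/netblocks-companies/whois_orgs",
        "recon/hosts-hosts/resolve",
    ]

    for domain in domains:
        for module in module_list:
            run_module(reconb, module, domain)

        # Subdomain brute forcing. A caller-supplied wordlist takes
        # precedence and the bundled list is only the fallback; the listing
        # set the bundled list unconditionally, discarding the caller's choice.
        x = reconb.do_load("recon/domains-hosts/brute_hosts")
        if bruteforce:
            x.do_set("WORDLIST " + bruteforce)
        else:
            x.do_set("WORDLIST /usr/share/recon-ng/data/hostnames.txt")
        x.do_set("SOURCE " + domain)

    # Reporting output. The listing built outFile but never handed it to a
    # reporting module. The .lst path is the file the Alt-DNS step of this
    # script reads back; the .csv suffix is assumed from the module name.
    outFile = "FILENAME " + os.getcwd() + "/" + domains[0]
    x = reconb.do_load("reporting/csv")
    x.do_set(outFile + ".csv")

    x = reconb.do_load("reporting/list")
    x.do_set(outFile + ".lst")
    x.do_set("COLUMN host")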
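# Command-line entry point: collect the domains, configure Recon-NG through
# run_recon(), then optionally hand the resulting host list to Alt-DNS.
parser = argparse.ArgumentParser()
parser.add_argument('-a', dest='runAltDns', action='store_true',
                    help="After recon, run AltDNS? (this requires alt-dns)")
parser.add_argument("-i", dest="filename", type=argparse.FileType('r'),
                    help="input file of domains (one per line)", default=None)
parser.add_argument("domains", help="one or more domains", nargs="*", default=None)
parser.add_argument("-w", dest="wordlist", type=argparse.FileType('r'),
                    help="input file of subdomain wordlist. must be in same directory as this file, or give full path",
                    default=None)
parser.add_argument("-p", dest="permlist", type=argparse.FileType('r'),
                    help="input file of permutations for alt-dns. if none specified will use default list.",
                    default=None)
args = parser.parse_args()

if args.runAltDns and not altDnsPath:
    print("Error: no altDns path specified, please download from:")
    # The listing printed this error and carried on; stop here instead.
    sys.exit(1)

# Each domain is concatenated into Recon-NG option strings and the first one
# becomes part of the report and Alt-DNS file paths, so only hostname
# characters are accepted (no whitespace, quotes or path separators).
hostnamePattern = re.compile(r'^[A-Za-z0-9_.-]+$')

# NOTE(review): the listing read the input file but never added anything to
# domainList, and never used the positional domains; both are collected here.
domainList = []
if args.domains:
    domainList.extend(args.domains)
if args.filename:
    try:
        lines = [line.strip() for line in args.filename]
    finally:
        args.filename.close()
    domainList.extend(line for line in lines if line)

if not domainList:
    parser.error("no domains given; pass them as arguments or with -i")
rejected = [name for name in domainList if not hostnamePattern.match(name)]
if rejected:
    print("Error: not a valid domain name: " + ", ".join(rejected))
    sys.exit(1)

# argparse has already opened the wordlist; only its path is passed on.
# NOTE(review): the expression before `if args.wordlist` was truncated in the
# listing; the opened file's name is assumed.
bruteforceList = ""
if args.wordlist:
    bruteforceList = args.wordlist.name
    args.wordlist.close()

run_recon(domainList, bruteforceList)

if args.runAltDns:
    workspace = domainList[0]
    subdomains = os.path.join(os.getcwd(), workspace + ".lst")
    # NOTE(review): truncated in the listing like the wordlist expression
    # above; the opened file's name is assumed.
    if args.permlist:
        permList = args.permlist.name
        args.permlist.close()
    else:
        permList = os.path.join(altDnsPath, "words.txt")
    output = os.path.join(os.getcwd(), workspace + "_output.txt")
    print("running alt-dns... please be patient :) results will be displayed in " + output)
    # Same options as the original command line (-i subdomainsList
    # -o data_output -w permutationsList -r -s results_output.txt), passed as
    # an argument list so that no shell ever parses the file-derived paths.
    # NOTE(review): the script file name was missing from the listing;
    # Alt-DNS's altdns.py is assumed -- confirm against the installed copy.
    altCmd = [
        "python", os.path.join(altDnsPath, "altdns.py"),
        "-i", subdomains,
        "-o", "data_output",
        "-w", permList,
        "-r",
        "-s", output,
    ]
    status = subprocess.call(altCmd)
    if status != 0:
        print("alt-dns exited with status %d" % status)
        sys.exit(1)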