Do you miss AXFR technique? This tool allows to get the subdomains from a HTTPS website in a few seconds.
How it works? CTFR does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.
For more information about CT logs, check www.certificate-transparency.org.
Please, follow the instructions below for installing and run CTFR.
Make sure you have installed the following tools:
Python 3.0 or later.
pip3 (sudo apt-get install python3-pip).
$ git clone https://github.com/UnaPibaGeek/ctfr.git
$ cd ctfr
$ pip3 install -r requirements.txt
$ python3 ctfr.py --help
Parameters and examples of use.
-d --domain [target_domain] (required)
-o --output [output_file] (optional)
$ python3 ctfr.py -d starbucks.com
$ python3 ctfr.py -d facebook.com -o /home/shei/subdomains_fb.txt
Running ctfr
in docker enables for easy cloud deployment.
To run ctfr
in a docker container, simply build and run as follows:
git clone https://github.com/UnaPibaGeek/ctfr
cd ctfr
docker build -t ctfr .
docker run -it ctfr -d example.com
- Sheila A. Berta - (@UnaPibaGeek).