subdomain.yaml

name: subdomain
desc: Scanning for subdomain

report:
  final:
    - "{{Output}}/subdomain/final-{{Workspace}}.txt"
    - "{{Output}}/subdomain/{{Workspace}}-raw-amass.txt"
    - "{{Output}}/subdomain/more-{{Workspace}}.txt"

# {{Output}} == {{Workspaces}} + {{Workspace}} but strip "/" char
pre_run:
  - CreateFolder("{{Output}}/subdomain/")
  - CreateFolder("{{Output}}/ipspace/")

params:
  - subfinderThreads: "{{threads * 6}}"
  - amassTimeout: "2h"
  - enableAmass: "false"
  - amassThreads: "200"
  - amassConfig: "{{Data}}/external-configs/amass-basic-config.yaml"
  - subfinderConfig: "{{Data}}/external-configs/subfinder-provider.yaml"

steps:
  - required:
      - "{{Binaries}}/amass"
      - "{{Binaries}}/subfinder"
      - "{{Binaries}}/assetfinder"
      - "{{Binaries}}/github-subdomains"
      - "{{Binaries}}/findomain"
    commands:
      - "{{Binaries}}/subfinder -d {{Target}} -provider-config {{subfinderConfig}} -t {{subfinderThreads}} -o {{Output}}/subdomain/{{Workspace}}-subfinder.txt >/dev/null 2>&1"
  - commands:
      - "{{Binaries}}/assetfinder -subs-only {{Target}} > {{Output}}/subdomain/{{Workspace}}-assetfinder.txt"
      - "{{Binaries}}/findomain -u {{Output}}/subdomain/{{Workspace}}-findomain.txt -t {{Target}} > /dev/null 2>&1"

  - conditions:
      - '"{{enableAmass}}" == "true"'
    commands:
      - "timeout -k 1m {{amassTimeout}} {{Binaries}}/amass enum -active -dns-qps {{amassThreads}} -config {{amassConfig}} -silent -nocolor -d {{Target}} -o {{Output}}/subdomain/{{Workspace}}-raw-amass.txt > /dev/null 2>&1"
    scripts:
      - ExecCmd("cat {{Output}}/subdomain/{{Workspace}}-raw-amass.txt | grep 'FQDN' | awk '{print $1}' | sort -u > {{Output}}/subdomain/{{Workspace}}-amass.txt")

  # cleaning some result
  - scripts:
      - SortU("{{Output}}/subdomain/{{Workspace}}-github.txt")
      - Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-amass.txt")
      - Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-subfinder.txt")
      - Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-assetfinder.txt")
      - Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-findomain.txt")
      - Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-github.txt")
      - Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-ourl.txt")
      # append with result in stogres too
      # remove junk subdomain and 1-2-3.subdomain.com
      - ExecCmd("cat {{Output}}/subdomain/sum-{{Workspace}}.txt | {{Binaries}}/cleansub -t '{{Target}}' >> {{Output}}/subdomain/final-{{Workspace}}.txt")

  # get more related domains
  - required:
      - "{{Binaries}}/metabigor"
    commands:
      - "echo '{{Org}}' | metabigor cert --json -o {{Output}}/subdomain/more-json-{{Workspace}}.txt > /dev/null 2>&1"
    scripts:
      - ExecCmd("cat {{Output}}/subdomain/more-json-{{Workspace}}.txt | jq -r '.Domain' | sed 's/\*.//g' | sort -u >> {{Output}}/subdomain/more-{{Workspace}}.txt")

  - scripts:
      - SortU("{{Output}}/subdomain/final-{{Workspace}}.txt")

post_run:
  # delete all files in workspaces folder except a file lists in report section
  - Cleaning("{{Output}}/subdomain/")