-
-
Notifications
You must be signed in to change notification settings - Fork 19
/
subdomain.yaml
69 lines (60 loc) · 3.27 KB
/
subdomain.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
name: subdomain
desc: Scanning for subdomain
report:
final:
- "{{Output}}/subdomain/final-{{Workspace}}.txt"
- "{{Output}}/subdomain/{{Workspace}}-raw-amass.txt"
- "{{Output}}/subdomain/more-{{Workspace}}.txt"
# {{Output}} == {{Workspaces}} + {{Workspace}} but strip "/" char
pre_run:
- CreateFolder("{{Output}}/subdomain/")
- CreateFolder("{{Output}}/ipspace/")
params:
- subfinderThreads: "{{threads * 6}}"
- amassTimeout: "2h"
- enableAmass: "false"
- amassThreads: "200"
- amassConfig: "{{Data}}/external-configs/amass-basic-config.yaml"
- subfinderConfig: "{{Data}}/external-configs/subfinder-provider.yaml"
steps:
- required:
- "{{Binaries}}/amass"
- "{{Binaries}}/subfinder"
- "{{Binaries}}/assetfinder"
- "{{Binaries}}/github-subdomains"
- "{{Binaries}}/findomain"
commands:
- "{{Binaries}}/subfinder -d {{Target}} -provider-config {{subfinderConfig}} -t {{subfinderThreads}} -o {{Output}}/subdomain/{{Workspace}}-subfinder.txt >/dev/null 2>&1"
- commands:
- "{{Binaries}}/assetfinder -subs-only {{Target}} > {{Output}}/subdomain/{{Workspace}}-assetfinder.txt"
- "{{Binaries}}/findomain -u {{Output}}/subdomain/{{Workspace}}-findomain.txt -t {{Target}} > /dev/null 2>&1"
- conditions:
- '"{{enableAmass}}" == "true"'
commands:
- "timeout -k 1m {{amassTimeout}} {{Binaries}}/amass enum -active -dns-qps {{amassThreads}} -config {{amassConfig}} -silent -nocolor -d {{Target}} -o {{Output}}/subdomain/{{Workspace}}-raw-amass.txt > /dev/null 2>&1"
scripts:
- ExecCmd("cat {{Output}}/subdomain/{{Workspace}}-raw-amass.txt | grep 'FQDN' | awk '{print $1}' | sort -u > {{Output}}/subdomain/{{Workspace}}-amass.txt")
# cleaning some result
- scripts:
- SortU("{{Output}}/subdomain/{{Workspace}}-github.txt")
- Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-amass.txt")
- Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-subfinder.txt")
- Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-assetfinder.txt")
- Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-findomain.txt")
- Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-github.txt")
- Append("{{Output}}/subdomain/sum-{{Workspace}}.txt", "{{Output}}/subdomain/{{Workspace}}-ourl.txt")
# append with result in stogres too
# remove junk subdomain and 1-2-3.subdomain.com
- ExecCmd("cat {{Output}}/subdomain/sum-{{Workspace}}.txt | {{Binaries}}/cleansub -t '{{Target}}' >> {{Output}}/subdomain/final-{{Workspace}}.txt")
# get more related domains
- required:
- "{{Binaries}}/metabigor"
commands:
- "echo '{{Org}}' | metabigor cert --json -o {{Output}}/subdomain/more-json-{{Workspace}}.txt > /dev/null 2>&1"
scripts:
- ExecCmd("cat {{Output}}/subdomain/more-json-{{Workspace}}.txt | jq -r '.Domain' | sed 's/\*.//g' | sort -u >> {{Output}}/subdomain/more-{{Workspace}}.txt")
- scripts:
- SortU("{{Output}}/subdomain/final-{{Workspace}}.txt")
post_run:
# delete all files in workspaces folder except a file lists in report section
- Cleaning("{{Output}}/subdomain/")