Dynamic_enum_Wizard is a curses-based wizard that conducts a wide range of security reconnaissance tasks while keeping the terminal output to a minimum. All detailed logs and data are stored in a timestamped workspace folder (e.g., `wizard_enum_<domain>_<YYYYMMDD-HHMMSS>`). This approach lets you see just enough progress on screen—plus a spinner that can show CPU/Memory usage and environment info (OS, hostname, public IP)—while the real work is logged to disk.
- Domain input (with basic validation)
- AMASS brute-forcing (optional)
- Port Scanning approach (Common ports, Top 1000, or All 65535)
- Directory Brute-Forcing wordlist choice (common/big)
- Optional Concurrency for DNS resolution, Dirb, GoWitness, Naabu, etc.
- WHOIS queries to glean ownership and registrar info (run at the very top of the flow).
- DNS resolution (with optional concurrency) to map subdomains to IPs.
- Integrates `subfinder`, `assetfinder`, `sublist3r`, and `amass` (passive and active) to gather a comprehensive subdomain list.
- `nmap` with user-chosen port range.
- `naabu` for quick port scanning to find open TCP ports fast.
- Uses `openssl s_client` to fetch certificate data on port 443 for each subdomain.
- `dirb` on both HTTP and HTTPS, using either a “common” or “big” wordlist chosen by the user.
- `GoWitness` quickly captures HTTP/HTTPS screenshots of subdomains.
- `searchsploit` automatically runs on each enumerated service from the Nmap scans to find known vulnerabilities.
- ASCII banner at the top, short progress lines, and a spinner on the bottom row that shows CPU/Mem usage (if `psutil` is installed) and environment info (OS, hostname, public IP).
- Logs major step start/end times, generating an ASCII timeline at the end.
- Generates both JSON and CSV summaries of discovered subdomains and IPs in the final workspace.
- A Debian/Ubuntu/Kali-based system (due to `apt-get` usage).
- Python 3.6+.
- `sudo/root` privileges (for installing missing packages).

```bash
git clone https://github.com/exfil0/dynamic_enum_wizard.git
cd dynamic_enum_wizard
chmod +x interactive_enum_wizard.py
```

```bash
sudo apt-get install python3-psutil
```

or

```bash
sudo pip3 install psutil
```

This enables the spinner to display real-time CPU and memory usage, plus environment info near the timer.

```bash
sudo ./interactive_enum_wizard.py
```
- Domain: e.g., `example.com`
- AMASS brute: `y/n`
- Port scanning approach:
  - (1) Common (80,443)
  - (2) Top 1000 (default nmap)
  - (3) All (65535)
- Directory brute-forcing wordlist: `common` or `big`
- Concurrency: `y/n` for parallel DNS, Dirb, GoWitness, etc.

- A timestamped folder `wizard_enum_<domain>_<YYYYMMDD-HHMMSS>` is created.
- Detailed logs in subfolders:
  - `logs/` (WHOIS, Emails, Dorks output, etc.)
  - `nmap_scans/`
  - `dirb_scans/`
  - `gowitness_shots/` (screenshots)
  - `ssl/`
- The ASCII timeline of major steps appears at the end, and JSON/CSV outputs are saved in the workspace directory.
```
$ sudo ./interactive_enum_wizard.py
::::::::: :::::::::: ::: :::
:+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+
+#+ +:+ +#++:++# +#+ +:+ +#+
+#+ +#+ +#+ +#+ +#+#+ +#+
#+# #+# #+# #+#+# #+#+# by Exfil0
######### . ########## . ### ### - v1.1
~ Mapping Attack Surface - @HornetStrike and @ScaryByte ~
~ DYNAMIC ENUM WIZARD ~
[*] Loading Complete Recon Wizard...
[?] Target domain (e.g., example.com): scarybyte.com
[?] Enable AMASS brute force? (y/N): n
Port scanning approach (for Nmap, sublist3r, amass):
1) Common HTTP/HTTPS only (80,443)
2) Extended Common Ports => top 1000
3) All 65535 TCP ports
[?] Enter 1, 2, or 3: 1
Directory brute-force wordlist options:
1) common.txt
2) big.txt
[?] Choose 1 or 2: 1
[?] Enable concurrency for DNS, Dirb, GoWitness, Naabu? (y/N): y
```
The script runs with a spinner at the bottom (showing TIME, CPU/MEM usage, plus "OS:..., Host:..., IP:..."), minimal lines above, and logs in the timestamped workspace.
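
The domain typed at the first prompt ends up in the workspace folder name and in the arguments of tools that run under `sudo`, so the "basic validation" step matters. The sketch below is an added example, not code from this repository: it shows one strict way to validate the domain, derive the `wizard_enum_<domain>_<YYYYMMDD-HHMMSS>` path, and build an `openssl s_client` argument list without a shell. The function names `validate_domain`, `workspace_dir` and `s_client_argv` are hypothetical.

```python
import re
from datetime import datetime
from pathlib import Path

# Hypothetical helpers for illustration; not the wizard's own functions.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one DNS label, LDH rule


def validate_domain(raw: str) -> str:
    """Return a normalised hostname, or raise ValueError."""
    name = raw.strip().lower()
    if name.endswith("."):          # accept one trailing root dot
        name = name[:-1]
    if not name or len(name) > 253:
        raise ValueError("empty or over-long domain")
    labels = name.split(".")
    if len(labels) < 2:
        raise ValueError("expected at least two labels, e.g. example.com")
    for label in labels:
        # Rejects spaces, ';', '/', '$' and a leading '-', so the value
        # cannot become a shell fragment, a path, or a tool option.
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid label: {label!r}")
    if labels[-1].isdigit():
        raise ValueError("top-level label cannot be numeric")
    return name


def workspace_dir(domain: str, base: Path, now: datetime) -> Path:
    """Build wizard_enum_<domain>_<YYYYMMDD-HHMMSS> directly under base."""
    stamp = now.strftime("%Y%m%d-%H%M%S")
    path = (base / f"wizard_enum_{domain}_{stamp}").resolve()
    if path.parent != base.resolve():
        raise ValueError("workspace would escape the base directory")
    return path


def s_client_argv(domain: str) -> list:
    """Argument list for subprocess.run(..., shell=False); no shell parsing."""
    return ["openssl", "s_client", "-connect", f"{domain}:443",
            "-servername", domain]


if __name__ == "__main__":
    d = validate_domain(" Example.COM. ")   # constructed sample input
    print(workspace_dir(d, Path.cwd(), datetime.now()))
    print(s_client_argv(d))
```
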
This project is licensed under the MIT License for simplicity and permissiveness, allowing commercial and private use with minimal restrictions.
Permission is hereby granted, free of charge, to any person obtaining a copy ...
- Authorized Use Only: This tool is intended for legal security testing and educational research. Ensure you have explicit permission before scanning any domain/IP.
- No Warranty: Provided “as is,” without warranty of any kind. The authors assume no liability for damage or misuse.
- Rate-Limits & CAPTCHAs: Some tools may be detected by firewalls or lead to CAPTCHAs. Use responsibly.
- Fork the repo and create a new branch (`feature/something` or `fix/issueX`).
- Submit a Pull Request with a clear description of your changes.
- Ensure new features or bug fixes are well-tested.
- For major changes, please open an issue first to discuss the changes.
We welcome:
- Concurrency improvements.
- Additional tool integrations.
- Advanced scanning logic.
| Version | Date | Additions | Changes | Fixes | Removals |
|---|---|---|---|---|---|
| v1.1 | 2025-01-07 | WHOIS Lookups: Automatic whois step at the beginning, saving results to `logs/whois.txt`. | Timestamped Workspace: Creates `wizard_enum_<domain>_<YYYYMMDD-HHMMSS>` to avoid overwriting results. | Auto-install Issues: Improved handling of `apt-get` and `pip3` installations. | Excess Debug Output: Default terminal output is now minimal, focusing on a curses-based spinner. |
| | | GoWitness Screenshot Capture: Stores HTTP/HTTPS screenshots in `gowitness_shots/`. | Flow of Steps: WHOIS first, followed by subdomain, DNS, SSL, email, scanning, and reporting. | Error Handling: Hardened around subprocess calls and concurrency to prevent partial crashes. | |
| | | SearchSploit Integration: Queries searchsploit for Nmap results, saving outputs to `logs/searchsploit_results.txt`. | Curses Spinner: Enhanced with environment references (OS, hostname, IP) and optional CPU/Mem usage. | | |
| | | Consolidated JSON/CSV Report: Generates `consolidated_report.json` and `resolved_ips.csv` in the workspace. | | | |
| | | Environment Info in Spinner: Displays OS version, hostname, and public IP alongside CPU/Mem usage and time. | | | |