Awesome
assetfinder
Find domains and subdomains potentially related to a given domain.
Install
If you have Go installed and configured (i.e. with $GOPATH/bin
in your $PATH
):
go get -u github.com/tomnomnom/assetfinder
Otherwise download a release for your platform.
To make it easier to execute you can put the binary in your $PATH
.
Usage
assetfinder [--subs-only] <domain>
Sources
Please feel free to issue pull requests with new sources! :)
Implemented
- crt.sh
- certspotter
- hackertarget
- threatcrowd
- wayback machine
- dns.bufferover.run
- facebook
- Needs
FB_APP_ID
andFB_APP_SECRET
environment variables set (https://developers.facebook.com/) - You need to be careful with your app's rate limits
- Needs
- virustotal
- Needs
VT_API_KEY
environment variable set (https://developers.virustotal.com/reference)
- Needs
- findsubdomains
- Needs
SPYSE_API_TOKEN
environment variable set (the free version always gives the first response page, and you also get "25 unlimited requests") — (https://spyse.com/apidocs)
- Needs
Sources to be implemented
- http://api.passivetotal.org/api/docs/
- https://community.riskiq.com/ (?)
- https://riddler.io/
- http://www.dnsdb.org/
- https://certdb.com/api-documentation
TODO
- Flags to control which sources are used
- Likely to be all on by default and a flag to disable
- Read domains from stdin