My personal bug bounty tool
I developed this tool to be easy to manage and upgrade, so I built it as a set of small plugins connected together.
lib\modules\experimental\cache_poisoning.py : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\modules\crlf.py : [--crlf] Check if the host is vulnerable to CRLF injection
lib\modules\aws.py : [--aws] Check if the target is hosted on Amazon (use -x to run Auto-Takeover)
lib\modules\cname.py : [--dns] Return host cname
lib\modules\url.py : [--url] Return host response code [See the options for more details]
$ python domainker.py -i google.com [.. Plugins]
$ python domainker.py -d mydomains_list.txt [.. Plugins]
$ python domainker.py -d mydomains_list.txt --url
$ python domainker.py -d mydomains_list.txt --dns
You can also use multiple plugins at the same time:
$ python domainker.py -d mydomains_list.txt --url --dns --aws ...
$ python domainker.py -i google.com --url --dns --aws ...
$ python domainker.py --help
- Create output file [--output/-o file_name]
- Threads count [--threads/-t number]
- Takeover aws [--aws-takeover/-x]
- Missing headers [--headers/-H]
- Interesting files search [--interesting-files/-F]
- Thread timeout [--thread-timeout/-T seconds]
- Request timeout [--request-timeout/-rt seconds]
I want to add different formats in the future, but currently this tool only supports these formats for the input file:
https://sub.domain.com
http://sub.domain.com
sub.domain.com
.sub.domain.com
These formats are generated by:
- amass
- aquatone (hosts.txt)
- subfinder
- sublist3r
... and many other subdomain finders
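One way to reduce the four input formats listed above to a single bare hostname per target, so that mixed output from several subdomain finders is de-duplicated before any plugin runs. This is an added example, not domainker's own code; `normalize_host`, `load_targets` and the sample lines are hypothetical names and constructed data.

```python
# Added example, not domainker's code: function names and sample data are hypothetical.
import re
from urllib.parse import urlsplit

# One DNS label: 1-63 chars of letters, digits, hyphen or underscore,
# with no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalize_host(line):
    """Return the bare hostname for one input line, or None if it is not usable."""
    entry = line.strip().lower()
    if not entry or entry.startswith("#"):
        return None
    # Scheme-less entries get a "//" prefix so urlsplit() treats them as a netloc.
    if "://" not in entry:
        entry = "//" + entry.lstrip(".")
    try:
        host = urlsplit(entry).hostname  # drops scheme, port, path and query
    except ValueError:
        return None
    if not host:
        return None
    host = host.strip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.match(label) for label in labels):
        return None
    return host


def load_targets(lines):
    """Normalize every line, drop unusable ones, de-duplicate in input order."""
    seen = {}
    for line in lines:
        host = normalize_host(line)
        if host:
            seen.setdefault(host, None)
    return list(seen)


# Constructed sample: the four documented formats plus a URL with a port and a junk line.
SAMPLE = ["https://sub.domain.com", "http://sub.domain.com", "sub.domain.com",
          ".sub.domain.com", "HTTPS://Api.Domain.com:8443/login", "not a host"]

if __name__ == "__main__":
    print(load_targets(SAMPLE))
```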