Skip to content
This repository has been archived by the owner on Mar 26, 2020. It is now read-only.

BitTheByte/Domainker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

249 Commits
lib
lib
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
domainker.py
domainker.py
 
 
release.py
release.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Domainker

Setup

Python pypi package got removed. if you want to use this tool follow the steps below

  • Manual setup
git clone https://github.com/BitTheByte/Domainker
cd Domainker
pip install -r requirements.txt
python domainker.py

How to use

I developed this tool to be easily managed and upgraded so i created it as small plugin systems connected together

Plugins and usage

lib\plugins\experimental\cache_poisoning.py : [--cache-poisoning] Check if the host is vulnerable to cache poisoning
lib\plugins\crlf.py   : [--crlf] Check if Host is Vulnerable To CRLF
lib\plugins\port.py   : [--ports] Scan for most common open ports. You can also use your own ports --ports 123,456,789
lib\plugins\aws.py    : [--aws] Check if The Target is found on Amazon + Automatic uploading
lib\plugins\cname.py  : [--dns] Return Target cname
lib\plugins\url.py    : [--url] Return Target Response Code [See the options for more details]
lib\plugins\struts.py : [--struts] Attack Struts [CVE-2018-11776]
lib\plugins\put.py    : [--put] Check if [PUT] Method is Enabled
lib\plugins\spf.py    : [--spf] Check For SPF Record

Basic usage

$ domainker -i google.com [.. Plugins]
$ domainker -d mydomains_list.txt [.. Plugins]
$ domainker -d mydomains_list.txt --url
$ domainker -d mydomains_list.txt --dns

You could also use multiple plugins at the same time

$ domainker -d mydomains_list.txt --url --dns --aws ...
$ domainker -i google.com --url --dns --aws ...

Options

$ domainker --help
  • Create output file [--output/-o file_name]
  • Threads count [--threads/-t number]
  • Interesting files search [--interesting-files/-F] [--url / --all required]
  • Thread timeout [--thread-timeout/-T seconds]
  • Request timeout [--request-timeout/-rt seconds]

Format

I want to add different formats at the future but currently this tool only supports this formats for the input file

https://sub.domain.com  
http://sub.domain.com  
sub.domain.com  
.sub.domain.com

Which generated by:

  • amass
  • aquatone (hosts.txt)
  • subfinder
  • sublist3r
    ... and many other subdomain finders

Contributors

FAQ

[Q] Why it's called Domainker?
[A] Originally this was a just checker script for domain availability so the name was originated from [Domain-Checker]

[Q] What is the tool for?
[A] This tool for bugbounty hunters to help them automate the boring tasks and find some low hanging bugs

[Q] Which Python version should i use?
[A] Python 2.7.16 (recommended) or Python 3.7.*

[Q] Does this tool support Python 3 ?
[A] Yes, Starting from 06/11/2019 python 3 is supported

[Q] I have an idea for you, what should i do?
[A] If you have already implemented your idea please make a pull request if not or don't know how to do it please open a new issue describing your idea in it

About

BugBounty Tool

Topics

python crawler code checker injection hacking subdomain rce response bugbounty struts2 bb hacking-tool bugcrowd hackerone h1 sudomains

Resources

Readme
Activity

Stars

39 stars

Watchers

5 watching

Forks

21 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages