author
domain_hunter
A Burp Suite extender that try to find sub-domains,similar domains and related domains of an organization, not only domain. Some times similar domain and related domains give you surprise^_^. that's why I care about it.
video(视频教程)
https://www.bilibili.com/video/BV1Jt4y1U7YG/
usage
- download this burp extender from here.
- add it to burp suite. you will see a new tab named “Domain Hunter”, if no error encountered.
- visit your target website(or App) with burp proxy enabled, ensure burp recorded http or https traffic of your target.
- you can just switch to the "domain hunter" tab, input the domain that you want to search and click "Search" button.
- or you can run "Crawl" firstly to try to find more sub-domains and similar domains.
screenshot
change log
2017-07-28: Add a function to crawl all known subdomains; fix some bug.
2018-07-06: Add the ability to get related domains by get SANs object of certification.
2018-08-03: Use thread to speed up get related-domains.
2018-09-18: Optimize some steps to reduce memory usage.
2018-09-19: Update getSANs() method to void get domains of CDN provider.
2018-09-20: Update logic of getting possible https URLs that may contain related-domains
2018-09-21: Update logic of "includeInScope" and "sendToSpider" to reduces UI action time
2018-09-29: Add Upload function to support upload result to your site or system
2018-10-30: Big Change: try to find sub-domains, similar domains , related domains of an organization(enterprise), not only a domain.
2018-11-01: Add "Add to domain hunter" menu in site map tree.
2019-07-06: Use multiple thread to improve search speed. Use regex to find more domain in every response.
xmind of domain collection
Burp插件微信交流群: