6

assetfinder - Find Related Domains and Subdomains

 2 years ago
source link: https://www.darknet.org.uk/2021/12/assetfinder-find-related-domains-and-subdomains/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

assetfinder – Find Related Domains and Subdomains

Last updated: December 30, 2021 | 282 views 0

assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more.

assetfinder - Find Related Domains and Subdomains

assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info:

  • crt.sh
  • certspotter
  • hackertarget
  • threatcrowd
  • wayback machine
  • dns.bufferover.run
  • facebook – Needs FB_APP_ID and FB_APP_SECRET environment variables set (https://developers.facebook.com/) and you need to be careful with your app’s rate limits
  • virustotal – Needs VT_API_KEY environment variable set (https://developers.virustotal.com/reference)
  • findsubdomains – Needs SPYSE_API_TOKEN environment variable set (the free version always gives the first response page, and you also get “25 unlimited requests”) — (https://spyse.com/apidocs)

Sources to be implemented:

  • http://api.passivetotal.org/api/docs/
  • https://community.riskiq.com/ (?)
  • https://riddler.io/
  • http://www.dnsdb.org/
  • https://certdb.com/api-documentation

Usage of assetfinder to Find Related Domains and Subdomains

The usage is very simple with only one option basically, to limit the search to subdomains only – by default it will scan for all associated domains and subdomains.

assetfinder [--subs-only] <domain>

Installing assetfinder to Find Related Domains and Subdomains

If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):

go get -u github.com/tomnomnom/assetfinder

Another similar and recent tool that uses many of these sources and more and is also worth checking out is The OWASP Amass Project- DNS Enumeration, Attack Surface Mapping & External Asset Discovery.

You can download assetfinder here:

Source: assetfinder-master.zip
Linux: assetfinder-linux-386-0.1.1.tgz
Windows: assetfinder-windows-386-0.1.1.zip

Or read more here.

Posted in: Hacking Tools

Latest Posts:

assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.

December 30, 2021 - 0 Shares

Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.

August 31, 2021 - 289 Shares

Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

July 7, 2021 - 200 Shares

Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.

May 27, 2021 - 318 Shares

LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.

May 7, 2021 - 181 Shares

Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.

April 19, 2021 - 281 Shares
No comments yet.

Leave a Reply Click here to cancel reply.

Name (required)

Email (will not be published) (required)

Website


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK