Esc4iCEscEsc / skanuvaty

Dangerously fast DNS/network/port scanner
870 stars 84 forks

How to use it??? #12

Open 62040132 opened 2 years ago

62040132 commented 2 years ago
nisha@Nishant:/mnt/c/Users/nisha/Downloads/skanuvaty-master$ skanuvaty --target google.com --dns-resolver 10.64.0.1:53 --concurrency 16 --subdomains-file dns.txt
######################
### Target: "google.com"
### DNS resolver: 10.64.0.1:53
### Concurrency: 16
### Subdomains File: "dns.txt"
### Output File: "./skanuvaty.output.json"
### Verbose: false
######################
⠁ [00:00:00] [==============================] 0/0 (0s) (Found: )
######################
### Found subdomains: 0
  [00:00:00] [==============================] 0/0 (0s) (Found: 0)
Domain didn't have any addresses
RootDomain {
    name: "google.com",
    subdomains: [],
    addresses: [],
}

Add a proper guide please.

Avasz commented 2 years ago

This is a subdomain enumeration tool. As per the guides, you need a text file, dns.txt, which contains a list of words that are possibly subdomains, and you provide it to the command.

For example: [image]

And run the command with:

skanuvaty --target google.com --dns-resolver 1.1.1.1:53 --concurrency 16 --subdomains-file dns.txt 

The result would be like this

######################
### Target: "google.com"
### DNS resolver: 1.1.1.1:53
### Concurrency: 16
### Subdomains File: "dns.txt"
### Output File: "./skanuvaty.output.json"
### Verbose: false
######################
⠙ [00:00:00] [==========================>   ] 8/9 (0s) (Found: 3)
######################
### Found subdomains: 4
  [00:00:00] [==============================] 9/9 (0s) (Found: 4)
RootDomain {
    name: "google.com",
    subdomains: [
        Subdomain {
            name: "blog.google.com",
            addresses: [
                Address {
                    ip: 142.250.71.41,
                },
            ],
        },
        Subdomain {
            name: "mail.google.com",
            addresses: [
                Address {
                    ip: 216.58.196.165,
                },
            ],
        },
        Subdomain {
            name: "docs.google.com",
            addresses: [
                Address {
                    ip: 142.250.205.238,
                },
            ],
        },
        Subdomain {
            name: "chat.google.com",
            addresses: [
                Address {
                    ip: 142.250.193.110,
                },
            ],
        },
    ],
    addresses: [
        Address {
            ip: 142.250.182.14,
        },
    ],
}

I hope this makes it more clear. :)

For fun, you can use the subdomain wordlist from sublist3r, all credits to the sublist3r team. It is available here: https://raw.githubusercontent.com/aboul3la/Sublist3r/master/subbrute/names.txt

Save it as names.txt. Then the command would be:

skanuvaty --target google.com --dns-resolver 1.1.1.1:53 --concurrency 16 --subdomains-file names.txt 

Have fun! :)
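
An added example, not part of the thread or of skanuvaty's own code: a pre-flight check for the file passed to --subdomains-file, showing which lines would become names to resolve and which would not. It assumes each wordlist line is a label prepended to the target, as the sample output above suggests; the function name `candidates` and the sample lines are constructed for illustration.

```python
import re

# One DNS label: 1-63 chars of letters, digits, hyphen or underscore,
# with no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")


def candidates(target, wordlist_lines):
    """Turn wordlist lines into unique, valid FQDN candidates under `target`.

    Returns (names, rejected); rejected holds (line_number, raw_text, reason).
    """
    target = target.strip().rstrip(".").lower()
    names, rejected, seen = [], [], set()
    for lineno, raw in enumerate(wordlist_lines, start=1):
        word = raw.strip().rstrip(".").lower()  # also drops CRLF endings
        if not word:
            continue  # blank line
        # A line may hold several labels ("dev.api"); check each one.
        if not all(LABEL.fullmatch(label) for label in word.split(".")):
            rejected.append((lineno, raw.rstrip("\r\n"), "invalid label"))
            continue
        fqdn = f"{word}.{target}"
        if len(fqdn) > 253:  # maximum length of a full domain name
            rejected.append((lineno, raw.rstrip("\r\n"), "name too long"))
            continue
        if fqdn not in seen:  # duplicates would only repeat the same query
            seen.add(fqdn)
            names.append(fqdn)
    return names, rejected


if __name__ == "__main__":
    # Constructed sample standing in for dns.txt: a CRLF line, a duplicate
    # in different case, a blank line, a pasted URL and a bad label.
    sample = ["blog\r\n", "mail\n", "Mail\n", "\n",
              "https://docs\n", "-bad\n", "dev.api\n"]
    names, rejected = candidates("google.com", sample)
    print(f"{len(names)} candidates: {names}")
    for lineno, raw, reason in rejected:
        print(f"line {lineno}: {raw!r} rejected ({reason})")
    # An empty wordlist yields no candidates, so there is nothing to resolve.
    print(candidates("google.com", []))
```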

62040132 commented 2 years ago

Thanks man ❤️. This guide made it easier to understand. It will help others also :)

anthonp commented 11 months ago

I'd love to help write a usage guide to merge with README. Regarding long-term use, besides keeping the executable in ~/Downloads/, where would you put this? /usr/local/bin? Regarding usage, what are the dependencies? It's not clear from the README. Thanks!