This project is still in progress.
The current master branch version performs the full subdomain enumeration, with JSON output written to ./api/logs/subdomains-<tld>.json
This is an active enumerator. We take no responsibility for how or where this is used.
Given a host or a list of hosts, the following actions are performed in this order:
subfinder
sublist3r
aiodnsbrute
gobuster
recon-ng
amass
massDNS
(saved in database)
aquatone
nikto
penum requires docker and docker-compose to be installed on the host.
Debian/Ubuntu: sudo apt -y install docker docker-compose
macOS (Homebrew): brew install docker && brew cask install docker
From the root of this repository, start all services:
docker-compose up -d
To stop all services and preserve the database:
docker-compose down
To stop all services and destroy the database:
docker-compose down -v
Backend functionality is queried through the Golang HTTP server at: http://localhost:8080
Enumerate against single FQDN/IP:
./penum -d example.com
This is equivalent to: curl -X POST -d "<target_host1>" http://<hostname>[:<port>]
Enumerate against newline-delineated list of FQDNs/IPs:
./penum -f /path/to/file
This is equivalent to: curl -F 'uploadedfile=@/path/to/hosts.txt' http://<hostname>[:<port>]/upload
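As an added example (not code from the penum project), a small Python client that mirrors the two curl invocations above: it checks each target is a syntactically valid FQDN or IP before anything is submitted to the active enumerator, drops duplicates and comments from a host list, and builds the same POST body and `uploadedfile` multipart upload. The base URL and form field name come from this README; the validation rule, the `parse_targets` helper and the `-d`/`-f` flag handling are this example's own assumptions.

```python
import ipaddress
import re
import sys
import urllib.request
from pathlib import Path

API_URL = "http://localhost:8080"  # the Go HTTP server named in the README
# One DNS label (RFC 1123 syntax): 1-63 alphanumerics/hyphens, no leading or trailing hyphen
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_valid_target(host: str) -> bool:
    """Accept an IP address or a syntactically valid FQDN (rule assumed here, not penum's)."""
    host = host.strip()
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    return (0 < len(host) <= 253 and len(labels) > 1
            and all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit())

def parse_targets(text: str) -> list:
    """Clean a newline-delimited host list: drop blanks, '#' comments, invalid and duplicate hosts."""
    seen, targets = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line and line not in seen and is_valid_target(line):
            seen.add(line)
            targets.append(line)
    return targets

def build_single_request(host: str, base: str = API_URL) -> urllib.request.Request:
    """Same request as: curl -X POST -d "<host>" http://<hostname>[:<port>]"""
    if not is_valid_target(host):
        raise ValueError(f"not a valid FQDN/IP: {host!r}")
    return urllib.request.Request(base + "/", data=host.strip().encode(), method="POST")

def build_upload_request(targets, base: str = API_URL, boundary: str = "penumHosts") -> urllib.request.Request:
    """Same request as: curl -F 'uploadedfile=@hosts.txt' http://<hostname>[:<port>]/upload"""
    body = (f"--{boundary}\r\n"
            'Content-Disposition: form-data; name="uploadedfile"; filename="hosts.txt"\r\n'
            "Content-Type: text/plain\r\n\r\n" + "\n".join(targets) + f"\r\n--{boundary}--\r\n")
    return urllib.request.Request(base + "/upload", data=body.encode(), method="POST",
                                  headers={"Content-Type": f"multipart/form-data; boundary={boundary}"})

if __name__ == "__main__":  # mirrors ./penum -d <host> and ./penum -f <file>
    flag, arg = sys.argv[1], sys.argv[2]
    req = build_single_request(arg) if flag == "-d" else build_upload_request(parse_targets(Path(arg).read_text()))
    with urllib.request.urlopen(req, timeout=60) as resp:
        print(resp.status, resp.read().decode(errors="replace"))
```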
View execution log:
tail -f api/logs/flask-api.log
Custom DB query:
PGPASSWORD=postgres psql -U postgres -d penum -c "<CUSTOM_QUERY>"
(psql's --password/-W flag takes no argument and only forces a password prompt, so the password is passed via the PGPASSWORD environment variable instead.)