evilsocket / xray

XRay is a tool for recon, mapping and OSINT gathering from public networks.
GNU General Public License v3.0
2.18k stars 295 forks

virustotal #20

Closed theMiddleBlue closed 7 years ago

theMiddleBlue commented 7 years ago

Hi!

I've just tried it and it seems very powerful! I usually check a domain name on virustotal.com/domain information as an integration of a subdomain enumeration activity (my little bash script: theMiddleBlue/DNSenum).

I'm not sure if virustotal accepts this... but usually, I get a list of subdomains from https://www.virustotal.com/it/domain/${DOMAIN_NAME}/information/ with something like this:

curl -s \
-c vtcookie.txt \
-b vtcookie.txt \
-A "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" \
"https://www.virustotal.com/en-gb/domain/example.com/information/"

curl -s \
-c vtcookie.txt \
-b vtcookie.txt \
-A "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" \
"https://www.virustotal.com/en-gb/domain/example.com/information/" | grep -E '<a target=._blank. href=..en-gb.domain' | awk 'BEGIN{FS="/"}{print $4}'

The output is:

ns1.example.com
fake6.example.com
fake5.example.com
fake4.example.com
fake3.example.com
fake2.example.com
fake1.example.com
fake7.example.com
mail2.example.com
www.example.com

Hope this can be useful 😄

evilsocket commented 7 years ago

Subdomain enumeration is already implemented and it works quite well, but thanks for your feedback.