pentoo / pentoo-overlay

Gentoo overlay for security tools as well as the heart of the Pentoo Livecd
317 stars, 90 forks

[Tracker] DNS OSINT reconnaissance tools #273

Closed necrose99 closed 6 years ago

necrose99 commented 6 years ago

https://www.meetup.com/Dallas-Hackers-Association/events/247729257/ https://github.com/markclayton/bumpster @markclayton was presenting a demo of bumpster.
might be useful...

The Unofficial Burp Extension for DNSDumpster.com

Yay my first Burp Extension! DNSDumpster.com is a staple when I'm performing recon on an external pentest. You simply supply a domain name and it returns a ton of DNS information and basically lays out the external network topology. It's also extremely useful for gathering subdomains on bug bounties.

@PaulWebSec has released an unofficial python API for querying dnsdumpster.com programmatically and it's awesome! I decided to turn his API into a burp extension.

How it works:

1. Select one or more domains in your SiteMap on the Target Tab.
2. Right click, select "Add subdomains to scope via Bumpster".
3. Bumpster will query dnsdumpster.com for each domain and place discovered subdomains into your Scope!

dev-python++--dnsdumpster.ebuild.txt

markclayton commented 6 years ago

I'm excited to see where this goes, feel free to reach out if you guys need any kind of help etc. I'll definitely help out where I can. It's still in an "alpha" stage so any bugs you guys find please make an issue in my repo. Also, it should be noted that Bumpster is going to be receiving a pretty extensive upgrade in the coming month or so. I touched on this at DHA, so be sure to keep an eye out for that.

blshkv commented 6 years ago

there is a similar (cli) script which might be a better option: https://milo2012.wordpress.com/2017/12/21/enumerating-domains-of-specific-organisations/

markclayton commented 6 years ago

Accidentally posted from my old account. If you're looking for a CLI you may just want to package sublist3r, it's the most extensive subdomain enumeration tool I've seen so far.

https://github.com/aboul3la/Sublist3r

blshkv commented 6 years ago

the cli tool looks good, I'll test it. Thank you.

The main reason why I don't like your burp extension is that it does not really extend burp functionality. You can probably add its output to the target but that's about it.

markclayton commented 6 years ago

Well Bumpster is in an alpha stage and is merely a PoC right now. However, it does extend burp functionality as it adds a new capability to burp which in this case is passive subdomain enumeration for the target primary domain. Burp Suite without any extensions is not capable of OSINT subdomain enum, so yes it does extend burp functionality. Stay tuned to the project to see what else I have in store, it will be undergoing a major overhaul to become a subdomain management interface integrated into burp.

blshkv commented 6 years ago

I'll play with both tools then ;-) Thank you for these details!

markclayton commented 6 years ago

No worries! Sublist3r is way more mature though, Bumpster was a weekend project PoC that's starting to become something bigger. Please let me know of any feature requests/advice/criticism or whatever, I just want it to be a kick-ass tool when it's done. Hit me up on Twitter, email, or here on GitHub :)

blshkv commented 6 years ago

there are 2 other tools at least, written in python as well:

net-analyzer/dnsrecon
net-analyzer/fierce

Why don't you guys join forces? This is irritating. I have just spent hours fixing the fierce installation, and now I have to do the same for Sublist3r: https://github.com/aboul3la/Sublist3r/issues/129

blshkv commented 6 years ago

OK, so I have looked at both tools and here is the criticism (that's what I do best ;-).

sublist3r is ok, 6 out of 10. The strange thing is that it does not utilise the official dnsdumpster API python script, but it works.

Bumpster - I still feel that this is the wrong place to do OSINT. I suggest rewriting it as an MSF plugin instead. And, again, you modified dnsdumpster (with urllib2), which is wrong. I suggest filing your issues upstream and not forking it for no reason. I'm sure you don't want to maintain it.

There is nothing else I can do here. The issue is closed.

blshkv commented 6 years ago

here we go again: https://www.reddit.com/r/netsec/comments/83rg4l/major_version_release_100_of_amass_the_subdomain/ "Major version release 1.0.0 of amass, the subdomain enumeration tool written in Go. Shown to be more effective than Sublist3r."

LOL?..

blshkv commented 6 years ago

https://github.com/Ice3man543/subfinder " It has a simple modular architecture and has been aimed as a successor to sublist3r project."

blshkv commented 6 years ago

forgot to mention:

https://github.com/pentoo/pentoo-overlay/issues/217 https://github.com/michenriksen/aquatone

blshkv commented 6 years ago

yet another tool: https://github.com/subfinder/subfinder (go based)

Ice3man543 commented 6 years ago

@blshkv It's the same tool. We just changed to an organization repo.

blshkv commented 6 years ago

@Ice3man543 noted with thanks. I'm trying to monitor tools. Subfinder is not in our repo yet but it is a good candidate to replace sublist3r as the tool seems dead.

blshkv commented 5 years ago

https://github.com/m8r0wn/subscraper a python-based non-API tool. Must be a one day project.

blshkv commented 5 years ago

https://github.com/guelfoweb/knock wordlist + VirusTotal subdomains

blshkv commented 5 years ago

https://github.com/nsonaniya2010/SubDomainizer

blshkv commented 4 years ago

@Edu4rdSHL with his findomain joins that list. The only excuse is that it's written in Rust

Edu4rdSHL commented 4 years ago

@blshkv thank you for considering Findomain. Can you explain what's wrong with Rust?

blshkv commented 4 years ago

Nothing wrong with it. I'm not sure whether it is good or bad that all authors are unable to collaborate and keep coming up with a new tool every 6 months or so. Findomain is the first alternative in Rust, so I guess it is a good thing. I just wish every tool a long life because it is annoying that each tool slows down and dies eventually. That's not how open source is supposed to work.

Edu4rdSHL commented 4 years ago

I see, thanks for the explanation. As you can see I'm maintaining and improving Findomain in a very active way, new features are added and new implementations are made (thinking of the future) in every release and I have no plans to stop doing it. Again, I appreciate your mention.

blshkv commented 4 years ago

https://github.com/yanxiu0614/subdomain3 (python based AGAIN) @yanxiu0614 welcome to that list too.

blshkv commented 4 years ago

@aboul3la https://github.com/fleetcaptain/Turbolist3r yet another fork/clone of Sublist3r <;)

blshkv commented 4 years ago

https://github.com/blechschmidt/massdns written in C (not even C++). https://github.com/pentoo/pentoo-overlay/tree/master/net-analyzer/massdns

necrose99 commented 4 years ago

@Edu4rdSHL cargo-ebuild, -rpm or -deb etc. make quick work of them for Linux distros

Edu4rdSHL commented 4 years ago

@necrose99 I was watching that days ago, there are some nice scripts that help a lot.

Btw, thanks to all who packaged and maintain Findomain for Pentoo. ;)

blshkv commented 4 years ago

https://github.com/evilsocket/dnssearch @evilsocket