CoolHandSquid
commented
4 years ago 
Would it be possible to add this functionality?
Closed CoolHandSquid closed 4 years ago
CoolHandSquid
commented
4 years ago
Would it be possible to add this functionality?
secw01f
commented
4 years ago @CoolHandSquid
Are you looking to use the IP for subdomain enumeration? I ask because I am not sure that would work unless you add the IP to your /etc/hosts file, give the IP a domain name in the file, then try to enumerate from there. If that doesn't work for you, I can look at adding a subdomain brute-forcing functionality to the tool.
Also, if you want to use some of the other features of the tool on an IP and bypass the subdomain enumeration, you can add the IP address or addresses to a file and read the file into the tool with the -s flag and everything will still work.
CoolHandSquid
commented
4 years ago Adding in utilization of dirsearch type tool would be huge. Possibly with a larger list of potential directories for the first level and then a small list for recursive searching. My recommendation is for /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt as the larger list and /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt for the smaller one because they are already built into older and newer kali's at the same location.
secw01f
commented
4 years ago @CoolHandSquid
So the functionality to brute-force directories is already there with the -D flag that way you can choose which wordlist you would like as I use different wordlists based on the application/target that I am going after. As a word of warning, if you are running this against an extensive list of subdomains or IP's, the time to scan will be significant.
I would have to look at the logic of how to run a second layer of testing against the directories that received 200, 403, etc. Is that what you are getting at?
CoolHandSquid
commented
4 years ago I did not see that. What you have going should be fine. Awesome stuff!
secw01f
commented
4 years ago Fantastic! Thanks!