Giter Club home page Giter Club logo

subjack's Introduction

subjack

Synposis

Just like subjack from haccer but in Python.

Description

My implementation of subjack written in Python.

Pass in a subdomain wordlist and subjack.py will work your wordlist in batches of 1,000 domains.

Each subdomain's CNAME record is queried from the DNS.

If a CNAME record exists for the given subdomain, then the CNAME is checked for registration status from a RDAP lookup. RDAP tends to be more accurate than WHOIS.

๐Ÿ“˜ Note

Subjack.py by default will only output subdomains found to be hijackable.

Use verbose output to save all subdomain meta data regardless of it's hijackable status.

Or use cname output to save all subdomains with a CNAME record regardless of it's hijackable status.

Subjack.py uses the concurrent module to make quick work of the wordlist.

Dependencies

subjack.py requires the following dependencies:

Installation

  1. git clone repository
  2. pip install dependencies

Wordlist

Your wordlist should include a list of subdomains you're checking:

assets.cody.su
assets.github.com
b.cody.su
big.example.com
cdn.cody.su
dev.cody.su
dev2.twitter.com

Seclists provides a great starting point for subdomains.

Usage

Parameter --wordlist, -w

  • type : str
  • file path to wordlist
  • required : true

Parameter --outfile, -o

  • type : str
  • file name to output

Parameter --fingerprints, -f

  • type : str
  • file path to fingerprint.json
  • default : relative import from project dir

Parameter --cname, -c

  • type : bool
  • save all subdomains with a CNAME record

Parameter --verbose, -v

  • type : bool
  • save verbose domain meta data to file


Example 1

py subjack.py -w "wordlist.txt

  • outputs results.csv

Example 2

py subjack.py -w "wordlist.txt" -v

  • verbose domain data is saved
  • outputs results.csv

Example 3

py subjack.py -w "wordlist.txt" -o "results_02.csv" -v

  • verbose domain data is saved
  • outputs results_02.csv

Example 4

py subjack.py -f "wordlist.txt" -o "results_02.csv" -f "C:\Users\<user>\Downloads\fingerprints.json" -v

  • Uses fingerprints.json from another directory
  • verbose domain data is saved
  • outputs results_02.csv

Example 5

py subjack.py -f "wordlist.txt" -o "results_02.csv" -c

  • All subdomains with a CNAME record is saved regardless of hijackable status
  • outputs results_02.csv

subjack's People

Contributors

adamcysec avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.