How to find subdomains.
A recursive Internet scanner that will find information from various sources, such as Shodan, SecurityTrails, crt and many other solid data repositories.
https://github.com/blacklanternsecurity/bbotarrow-up-right
bbot -t <Base_Domain> -f subdomain-enum | tee output.txt
bbot can be messy. To clean up the output, use the following command:
cat /root/.bbot/scans/{scan_name}/output.txt | grep -F '[DNS_NAME]'| awk '{print $2}'
Find more subdomains with GPT
https://github.com/jhaddix/SubreconGPTarrow-up-right
chaos -d <URL> | python subrecongpt.py --apikey YOUR_OPENAI_API_KEY
Parse subdomains from dmarc.live
https://github.com/Tedixx/dmarc-subdomainsarrow-up-right
python dmarc-subdomains.py -domain <URL>
Last updated 1 year ago
