Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Overview

DOME - A subdomain enumeration tool

Version Build Build Contributions Welcome

Alt Text

Check the Spanish Version

Dome is a fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase.

the more surface area exposed the faster a rock with break down

If you want to use more OSINT engines, fill the config.api file with the needed API tokens

Passive Mode:

Use OSINT techniques to obtain subdomains from the target. This mode will not make any connection to the target so it is undetectable. The basic use of this mode is:

python dome.py -m passive -d domain

Active Mode:

Perform bruteforce attacks to obtain alive subdomains. There are 2 types of bruteforce:

  • Pure Bruteforce: Check subdomains from a.domain.com to zzz.domain.com (26 + 26^2 + 26^3 = 18278 subdomains) this bruteforce can be disabled with -nb, --no-bruteforce
  • Wordlist based: Use a custom wordlist provided by the user using the flag -w, --wordlist. If no wordlists is specified, this mode won't be executed

This mode will also make passive mode attack but in this case, the connection is tested to ensure the subdomain is still alive. To disable passive scan in active scan mode, use --no-passive flag

The basic use of this mode is:

python dome.py -m active -d domain -w wordlist.txt

Add -p option or a built-it port option (see usage menu) to perform port scanning

python dome.py -m active -d domain -w wordlist.txt -p 80,443,8080

Installation

You can run Dome with Python 2 or 3. Python3 is recommended

Install the dependencies and run the program

git clone https://github.com/v4d1/Dome.git
cd Dome
pip install -r requirements.txt
python dome.py --help

Top Features

  • Easy to use. Just install the requirements.txt and run
  • Active and Passive scan (read above)
  • Faster than other subdomain enumeration tools
  • 7 different resolvers/nameservers including google, cloudfare (fastest), Quad9 and cisco DNS (use --resolvers filename.txt to use a custom list of resolvers, one per line)
  • Up to 21 different OSINT sources
  • Subdomains obtained via OSINT are tested to know if they are alive (only in active mode)
  • Support for webs that requires API token
  • Detects when api key is no longer working (Other tools just throw an error and stops working)
  • Wildcard detection and bypass
  • Custom Port scaning and built-in params for Top100,Top1000 and Top Web ports
  • Colored and uncolored output for easy read
  • Windows and Python 2/3 support (Python 3 is recommended)
  • Highly customizable through arguments
  • Scan more than one domain simultaneously
  • Possibility to use threads for faster bruteforce scans
  • Export output in different formats such as txt, json, html

Buy me a Coffee

"Buy Me A Coffee"

Screenshots

tool_in_action

Passive mode:

tool_in_action

Active mode + port scan:

tool_in_action

OSINT Search Engines

Dome uses these web pages to obtain subdomains

Without API:

  • AlienVault
  • HackerTarget
  • RapidDNS
  • ThreatMiner
  • urlscan.io
  • threatcrowd.org
  • web.archive.org
  • crt.sh
  • bufferover.run
  • CertSpotter
  • Anubis-DB
  • Hunt.io
  • Sonar
  • SiteDossier
  • DNSrepo

With API:

  • VirusTotal
  • Shodan
  • Spyse
  • SecurityTrails
  • PassiveTotal
  • BinaryEdge

TODO List

Feel free to implement this features

  • Add arguments
  • Add DNS wildcard detection and bypass
  • Add port scan and port argument
  • Add colored screen output (also option for no-colour)
  • Add -i option to show the subdomains' IP address
  • Add --silent argument to show nothing on screen
  • Create a dicc structure like {"ip": "domain"} to avoid duplicate port scans
  • Generate output in html and json format, also a txt for subdomains found during scan
  • Add timestamps
  • Recursive scan
  • Autoupdate Script
  • Add more OSINT engines with API token (create config file)
  • Add compatibility with Windows
  • Add compatibility with Python 2.7
  • Add Shodan for passive open ports? (Check requests limit with api key)
  • Add support for domains like .gov.uk (at this moment, the program only works with one level domain like domain.com) (https://publicsuffix.org/list/public_suffix_list.dat)
  • Add precompiled files for Linux and Windows (Mac OS?)
  • Add Spyse as osint engine
  • Added DNS resolvers
  • Implement spyse offset in request to get more subdomains (https://spyse-dev.readme.io/reference/domain_search)
  • Add common prefix to valid subdomains like -testing, -staging, etc
  • Delete wordlists words <= 3 letters if pure bruteforce was made (avoid duplicate connections)
  • Add exclusion file so bug bounty hunters can specify OOS subdomains in order to not print/output them

Usage

Arguments Description Arg example
-m, --mode Scan mode. Valid options: active or passive active
-d, --domain Domains name to enumerate subdomains (Separated by commas) hackerone.com,facebook.com
-w, --wordlist Wordlist containing subdomain prefix to bruteforce subdomains-5000.txt
-i, --ip When a subdomain is found, show its ip
--no-passive Do not use OSINT techniques to obtain valid subdomains
-nb, --no-bruteforce Dont make pure bruteforce up to 3 letters
-p, --ports Scan the subdomains found against specific tcp ports 80,443,8080
--top-100-ports Scan the top 100 ports of the subdomain (Not compatible with -p option)
--top-1000-ports Scan the top 1000 ports of the subdomain (Not compatible with -p option)
--top-web-ports Scan the top web ports of the subdomain (Not compatible with -p option)
-s, --silent Silent mode. No output in terminal
--no-color Dont print colored output
-t, --threads Number of threads to use (Default: 25) 20
-o, --output Save the results to txt, json and html files
--max-response-size Maximun length for HTTP response (Default:5000000 (5MB)) 1000000
--r, --resolvers Textfile with DNS resolvers to use. One per line resolvers.txt
-h, --help Help command
--version Show dome version and exit
-v, --verbose Show more information during execution

Examples

Perform active and passive scan, show the ip adress of each subdomain and make a port scan using top-web-ports. Data will also be written in /results folder:

python dome.py -m active -d domain -w wordlist.txt -i --top-web-ports -o

Perform passive scan in silent mode and write output to files.

python dome.py -m passive -d domain --silent --output

Perform active scan without passive and port scan

python dome.py -m active -d domain -w wordlist.txt --no-passive

Only bruteforce with wordlist

python dome.py -m active -d domain -w wordlist.txt --no-bruteforce

Scan active and passive and perform port scan ONLY in ports 22,80,3306

python dome.py -m active -d domain -w wordlist.txt -p 22,80,3306

Contact

You can contact me at [email protected]

License: for commercial use, contact me at email above

Owner
Vadi
My code is shit but it works. Sometimes. [email protected]
Vadi
CVE-2021-45232-RCE-多线程批量漏洞检测

CVE-2021-45232-RCE CVE-2021-45232-RCE-多线程批量漏洞检测 FOFA 查询 title="Apache APISIX Das

孤桜懶契 36 Sep 21, 2022
Vuln Scanner With Python

VulnScanner Features Web Application Firewall (WAF) detection. Cross Site Scripting (XSS) tests. SQL injection time based test. SQL injection error ba

< / N u l l S 0 U L > 1 Dec 25, 2021
👑 Discovery Header DoD Bug-Bounty

👑 Discovery Header DoD Bug-Bounty Did you know that DoD accepts server headers? 😲 (example: apache"version" , php"version") ? In this code it is pos

KingOfTips 38 Aug 09, 2022
This script allows you to make a onion host instantly.

Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct

Steven 4 Feb 22, 2022
⛤Keylogger Generator for Windows written in Python⛤

⛤Keylogger Generator for Windows written in Python⛤

FZGbzuw412 33 Nov 24, 2022
A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

Mehmet Ali KERİMOĞLU 5 Aug 25, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Cracker 331 Jan 01, 2023
✨ Powerfull & Universal Link Bypasser ✨

✨ Powerfull & Universal Link Bypasser ✨

Vodkarm06 4 Jun 03, 2022
adb - A tool that allows you to search for vulnerable android devices across the world and exploit them.

adb - An exploitation tool for android devices. A tool that allows you to search for vulnerable android devices across the world and exploit them. Fea

136 Jan 02, 2023
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

20 Apr 07, 2022
Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses 🕵️

Profil3r is an OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses. This program also alerts you to the presence of a data leak for

1.1k Aug 24, 2021
Update of uncaptcha2 from 2019

YouTube Video Proof of Concept I created a new YouTube Video with technical Explanation for breaking Google's Audio reCAPTCHAs: Click on the image bel

Nikolai Tschacher 153 Dec 20, 2022
Domain abuse scanner covering domainsquatting and phishing keywords.

🦷 monodon 🐋 Domain abuse scanner covering domainsquatting and phishing keywords. Setup Monodon is a Python 3.7+ programm. To setup on a Linux machin

2 Mar 15, 2022
Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Application for remote cod

96 Jan 02, 2023
Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

MalwareTech 91 Dec 29, 2022
Exploit for CVE-2021-3129

laravel-exploits Exploit for CVE-2021-3129

Ambionics Security 228 Nov 25, 2022
Steal Files on a Windows Machine

File-Stealer Steal Files on a Windows Machine About This Script will steal certain Files on a Windows Machine and sends them to a FTP Server. Preview

Marcel 5 Nov 17, 2022
ssh-audit is a tool for ssh server & client configuration auditing.

SSH server & client auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)

Joe Testa 1.4k Dec 31, 2022
It's a simple tool for test vulnerability shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to ex

Mr. Cl0wn - H4ck1ng C0d3r 88 Dec 23, 2022
Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

Aang Ardiansyah-XD 2 Dec 24, 2021