Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Overview

DOME - A subdomain enumeration tool

Version Build Build Contributions Welcome

Alt Text

Check the Spanish Version

Dome is a fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase.

the more surface area exposed the faster a rock with break down

If you want to use more OSINT engines, fill the config.api file with the needed API tokens

Passive Mode:

Use OSINT techniques to obtain subdomains from the target. This mode will not make any connection to the target so it is undetectable. The basic use of this mode is:

python dome.py -m passive -d domain

Active Mode:

Perform bruteforce attacks to obtain alive subdomains. There are 2 types of bruteforce:

  • Pure Bruteforce: Check subdomains from a.domain.com to zzz.domain.com (26 + 26^2 + 26^3 = 18278 subdomains) this bruteforce can be disabled with -nb, --no-bruteforce
  • Wordlist based: Use a custom wordlist provided by the user using the flag -w, --wordlist. If no wordlists is specified, this mode won't be executed

This mode will also make passive mode attack but in this case, the connection is tested to ensure the subdomain is still alive. To disable passive scan in active scan mode, use --no-passive flag

The basic use of this mode is:

python dome.py -m active -d domain -w wordlist.txt

Add -p option or a built-it port option (see usage menu) to perform port scanning

python dome.py -m active -d domain -w wordlist.txt -p 80,443,8080

Installation

You can run Dome with Python 2 or 3. Python3 is recommended

Install the dependencies and run the program

git clone https://github.com/v4d1/Dome.git
cd Dome
pip install -r requirements.txt
python dome.py --help

Top Features

  • Easy to use. Just install the requirements.txt and run
  • Active and Passive scan (read above)
  • Faster than other subdomain enumeration tools
  • 7 different resolvers/nameservers including google, cloudfare (fastest), Quad9 and cisco DNS (use --resolvers filename.txt to use a custom list of resolvers, one per line)
  • Up to 21 different OSINT sources
  • Subdomains obtained via OSINT are tested to know if they are alive (only in active mode)
  • Support for webs that requires API token
  • Detects when api key is no longer working (Other tools just throw an error and stops working)
  • Wildcard detection and bypass
  • Custom Port scaning and built-in params for Top100,Top1000 and Top Web ports
  • Colored and uncolored output for easy read
  • Windows and Python 2/3 support (Python 3 is recommended)
  • Highly customizable through arguments
  • Scan more than one domain simultaneously
  • Possibility to use threads for faster bruteforce scans
  • Export output in different formats such as txt, json, html

Buy me a Coffee

"Buy Me A Coffee"

Screenshots

tool_in_action

Passive mode:

tool_in_action

Active mode + port scan:

tool_in_action

OSINT Search Engines

Dome uses these web pages to obtain subdomains

Without API:

  • AlienVault
  • HackerTarget
  • RapidDNS
  • ThreatMiner
  • urlscan.io
  • threatcrowd.org
  • web.archive.org
  • crt.sh
  • bufferover.run
  • CertSpotter
  • Anubis-DB
  • Hunt.io
  • Sonar
  • SiteDossier
  • DNSrepo

With API:

  • VirusTotal
  • Shodan
  • Spyse
  • SecurityTrails
  • PassiveTotal
  • BinaryEdge

TODO List

Feel free to implement this features

  • Add arguments
  • Add DNS wildcard detection and bypass
  • Add port scan and port argument
  • Add colored screen output (also option for no-colour)
  • Add -i option to show the subdomains' IP address
  • Add --silent argument to show nothing on screen
  • Create a dicc structure like {"ip": "domain"} to avoid duplicate port scans
  • Generate output in html and json format, also a txt for subdomains found during scan
  • Add timestamps
  • Recursive scan
  • Autoupdate Script
  • Add more OSINT engines with API token (create config file)
  • Add compatibility with Windows
  • Add compatibility with Python 2.7
  • Add Shodan for passive open ports? (Check requests limit with api key)
  • Add support for domains like .gov.uk (at this moment, the program only works with one level domain like domain.com) (https://publicsuffix.org/list/public_suffix_list.dat)
  • Add precompiled files for Linux and Windows (Mac OS?)
  • Add Spyse as osint engine
  • Added DNS resolvers
  • Implement spyse offset in request to get more subdomains (https://spyse-dev.readme.io/reference/domain_search)
  • Add common prefix to valid subdomains like -testing, -staging, etc
  • Delete wordlists words <= 3 letters if pure bruteforce was made (avoid duplicate connections)
  • Add exclusion file so bug bounty hunters can specify OOS subdomains in order to not print/output them

Usage

Arguments Description Arg example
-m, --mode Scan mode. Valid options: active or passive active
-d, --domain Domains name to enumerate subdomains (Separated by commas) hackerone.com,facebook.com
-w, --wordlist Wordlist containing subdomain prefix to bruteforce subdomains-5000.txt
-i, --ip When a subdomain is found, show its ip
--no-passive Do not use OSINT techniques to obtain valid subdomains
-nb, --no-bruteforce Dont make pure bruteforce up to 3 letters
-p, --ports Scan the subdomains found against specific tcp ports 80,443,8080
--top-100-ports Scan the top 100 ports of the subdomain (Not compatible with -p option)
--top-1000-ports Scan the top 1000 ports of the subdomain (Not compatible with -p option)
--top-web-ports Scan the top web ports of the subdomain (Not compatible with -p option)
-s, --silent Silent mode. No output in terminal
--no-color Dont print colored output
-t, --threads Number of threads to use (Default: 25) 20
-o, --output Save the results to txt, json and html files
--max-response-size Maximun length for HTTP response (Default:5000000 (5MB)) 1000000
--r, --resolvers Textfile with DNS resolvers to use. One per line resolvers.txt
-h, --help Help command
--version Show dome version and exit
-v, --verbose Show more information during execution

Examples

Perform active and passive scan, show the ip adress of each subdomain and make a port scan using top-web-ports. Data will also be written in /results folder:

python dome.py -m active -d domain -w wordlist.txt -i --top-web-ports -o

Perform passive scan in silent mode and write output to files.

python dome.py -m passive -d domain --silent --output

Perform active scan without passive and port scan

python dome.py -m active -d domain -w wordlist.txt --no-passive

Only bruteforce with wordlist

python dome.py -m active -d domain -w wordlist.txt --no-bruteforce

Scan active and passive and perform port scan ONLY in ports 22,80,3306

python dome.py -m active -d domain -w wordlist.txt -p 22,80,3306

Contact

You can contact me at [email protected]

License: for commercial use, contact me at email above

Owner
Vadi
My code is shit but it works. Sometimes. [email protected]
Vadi
Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

RouterOS Scanner Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router. T

Microsoft 823 Dec 21, 2022
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

m4ll0k (mallok) 1.8k Jan 04, 2023
Convert a collection of features to a fixed-dimensional matrix using the hashing trick.

FeatureHasher Convert a collection of features to a fixed-dimensional matrix using the hashing trick. Note, this requires Jina=2.2.4. Example Here I

Jina AI 5 Mar 15, 2022
Bypass 4xx HTTP response status codes.

Forbidden Bypass 4xx HTTP response status codes. To see all the test cases, check the source code - follow the NOTE comments. Script uses multithreadi

Ivan Šincek 165 Dec 28, 2022
Gmail Accounts Hacking

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

Aryan 25 Nov 10, 2022
This a simple tool XSS Detection Suite for CTFs games

This a simple tool XSS Detection Suite for CTFs games

Mostafa 2 Nov 24, 2021
Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

CLOME TO TOOLS ME 😁 FITUR TOOLS RESULTS INSTALASI ____/-- INSTALLASI /+/+/+/ t

Jeeck X Nano 3 Jan 08, 2022
Delta Sharing: An Open Protocol for Secure Data Sharing

Delta Sharing: An Open Protocol for Secure Data Sharing Delta Sharing is an open protocol for secure real-time exchange of large datasets, which enabl

Delta Lake 497 Jan 02, 2023
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022
LaxrFar Python Obfuscator

LaxrFar Python Obfuscator Usage First do the things from "Upload to Webserver" o

LaxrFar 5 Jul 19, 2022
CamOver is a camera exploitation tool that allows to disclosure network camera admin password.

CamOver is a camera exploitation tool that allows to disclosure network camera admin password. Features Exploits vulnerabilities in most popul

EntySec 247 Jan 02, 2023
NS-Defacer: a auto html injecter, In other words It's a auto defacer to deface a lot of websites in less time

Overview NS-Defacer is a auto html injecter, In other words It's a auto defacer

NightSec 10 Nov 19, 2022
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022
Generate malicious files using recently published bidi-attack (CVE-2021-42574)

CVE-2021-42574 - Code generator Generate malicious files using recently published bidi-attack vulnerability, which was discovered in Unicode Specifica

js-on 7 Nov 09, 2022
Burp Extensions

Burp Extensions This is a collection of extensions to Burp Suite that I have written. getAllParams.py - Version 1.2 This is a python extension that ru

/XNL-h4ck3r 364 Dec 30, 2022
AutoScan 有多个目标时,调用xray+rad进行自动扫描

Usage: 在高级版Xray和rad同目录下运行 python3 X-AutoXray.py xxxx.txt 写的蛮人性化的哦,os,linux,windows通用 生成的xray报告会在当前目录的/result下面 Ctrl+c 打断脚本运行时还可以结算扫描进度,生成已扫描和未扫描的进度文件,

斯文 73 Jan 01, 2023
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022
Visius Heimdall is a tool that checks for risks on your cloud infrastructure

Heimdall Cloud Checker 🇧🇷 About Visius is a Brazilian cybersecurity startup that follows the signs of the crimson thunder ;) 🎸 ! As we value open s

visius 48 Jun 20, 2022
High level cheatsheet that was designed to make checks on the OSCP more manageable

High level cheatsheet that was designed to make checks on the OSCP more manageable. This repository however could also be used for your own studying or for evaluating test systems like on HackTheBox

Jacob Scheetz 89 Jan 01, 2023