Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way.
Features
For a recent time, Sudomy has these 13 features:
- Easy, light, fast, and powerful. A bash script is available by default in almost all Linux distributions. By using the bash script multiprocessing feature, all processors will be utilized optimally.
- Subdomain enumeration process can be achieved by using active method or passive method
- Active Method
- Sudomy utilizes Gobuster tools because of its highspeed performance in carrying out the DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contain around 3 million entries
- Passive Method
- By selecting good third-party sites, the enumeration process can be optimized. More results will be obtained with less time required. Sudomy can collect data from these well-curated 20 third-party sites:
https://dnsdumpster.com https://web.archive.org https://shodan.io https://virustotal.com https://crt.sh https://www.binaryedge.io https://securitytrails.com https://sslmate.com/certspotter https://censys.io https://threatminer.org https://dns.bufferover.run https://hackertarget.com https://www.threatcrowd.org https://riddler.io https://findsubdomains.com https://rapiddns.io/ https://otx.alienvault.com/ https://index.commoncrawl.org/ https://urlscan.io/
- By selecting good third-party sites, the enumeration process can be optimized. More results will be obtained with less time required. Sudomy can collect data from these well-curated 20 third-party sites:
- Active Method
- Test the list of collected subdomains and probe for working....
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
Subscribe
0 Comments
Newest