Zzl is a reconnaissance tool that collects subdomains from SSL certificates in IP ranges
go install github.com/DEMON1A/zzl/cmd/zzl@latest
git clone https://github.com/DEMON1A/zzl
cd zzl\
go build cmd\zzl\main.go
main.exe -h
git clone https://github.com/DEMON1A/zzl
cd zzl/
go build cmd/zzl/main.go
./main -h
zzl automatically generates IP addresses between ranges, you just need to specify the start and the end point for the IP generation function
go run cmd\zzl\main.go -start-ip 141.95.90.0 -end-ip 141.95.90.255
You can only use -start-ip
too, zzl is made to generate the end up dynamiclly if it isn't provided, for example if the start ip is 192.168.1.0
zzl would set the end ip dynamically to 192.168.1.255
go run cmd\zzl\main.go -start-ip 141.95.90.0
You can still use zzl to grab SANs from a single domain
go run cmd\zzl\main.go -domain x.com
Here is a one liner for bash to automate this process with many domains
for i in `cat domains.txt`; do zzl -domain $i; done
zzl do validate every single IP address found inside the IP range for both protocols HTTP and HTTPs so it never misses a result, you can set zzl to use a single protocol for validation
go run cmd\zzl\main.go -domain x.com -only-https
go run cmd\zzl\main.go -domain x.com -only-http
You can choose the timeout in seconds, By default it's set to 1
go run cmd\zzl\main.go -domain x.com -timeout 3
This tool is inspired by Zwink's University "Python and Bug bounty" episode, zzl is an enchanced version of his script sslDomain_v3.py