By combining several subdomain enumeration tools with its own logic, this script tries to identify more subdomains and root domains during recon.
-
Requirements: Go, Python 3 or later, jq
-
Tools used - You must install these tools and place their binaries in the /usr/bin folder to use this script
- SubFinder
- Findomain (Ensure the binary name is findomain-linux in the /usr/bin folder)
- httpx
- anew
- naabu
-
Installation
chmod +x install.sh
./install.sh
-
Usage
./frogy.sh
-
Output
Output will be saved to the output/ORG/ORG.master file. If you give 'chintan frogy' as your organization input, the script automatically creates the 'chintan_frogy' folder inside the 'output' directory.
TODO
- ✅ Efficient folder structure management
- Resolving subdomains using Massdns
- ✅ Add dnscan for extended subdomain enum scope
- ✅ Eliminate false positives. Currently around 2% to 4% of results are false positives.
- ✅ Bug Fixed, for false positive reporting of domains and subdomains.
- ✅ Searching domains through crt.sh via registered organization name from WHOIS instead of domain name created some garbage data. Filtered result to only grab domains and nothing else.
- ✅ Now finds live websites on all standard/non-standard ports.
- ✅ Now finds all websites with login portals. It also catches websites whose home page automatically redirects to a login page when opened.
- ✅ Now finds live web applications on the top 1000 Shodan http/https ports (from facet analysis). Uses Naabu for a fast port scan followed by httpx. (Credit: @nbk_2000)
- Generate CSV (Root domains, Subdomains, Live sites, Login Portals, Technologies used, etc.)
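The crt.sh item in the TODO list above describes a failure mode: querying crt.sh by the WHOIS-registered organization name instead of a domain returns records that are not hostnames at all (organization strings, e-mail addresses, IP addresses, wildcards). The Python below is an added example, not code from frogy.sh, showing one way to keep only valid hostnames from such a result and collapse them to root domains; the sample JSON, the hostname regex and the function names are assumptions constructed for this illustration.

```python
import json
import re

# Constructed sample of the JSON shape crt.sh returns (output=json) when the
# query is an organization name rather than a domain: real hostnames mixed
# with wildcards, an organization string, an e-mail address and an IP.
# Sample data for illustration, not real certificate records.
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com\nmail.example.com"},
    {"common_name": "Example Corp", "name_value": "Example Corp"},
    {"common_name": "admin@example.com", "name_value": "admin@example.com"},
    {"common_name": "api.example.net", "name_value": "API.Example.NET"},
    {"common_name": "203.0.113.10", "name_value": "203.0.113.10"},
    {"common_name": "*.example.com", "name_value": "*.example.com\nwww.example.com"},
])

# Hostname: dot-separated labels of letters/digits/hyphens (no leading or
# trailing hyphen), ending in an alphabetic TLD. This rejects bare words,
# strings with spaces, and dotted-quad IP addresses.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def extract_domains(crtsh_json):
    """Return sorted, unique hostnames from a crt.sh JSON document, dropping
    everything that is not a hostname (assumed helper name)."""
    found = set()
    for entry in json.loads(crtsh_json):
        # name_value lists every SAN separated by newlines; common_name may add one more.
        candidates = entry.get("name_value", "").split("\n") + [entry.get("common_name", "")]
        for name in candidates:
            name = name.strip().lower()
            if name.startswith("*."):
                # A wildcard SAN is not a host; keep its base domain instead.
                name = name[2:]
            if not name or "@" in name:
                # E-mail addresses sometimes appear as the CN; they are not hosts.
                continue
            if HOSTNAME_RE.match(name):
                found.add(name)
    return sorted(found)


def root_domains(hostnames):
    """Collapse hostnames to root domains using the last two labels.
    Simplification: no Public Suffix List lookup, so 'host.example.co.uk'
    would wrongly collapse to 'co.uk'."""
    return sorted({".".join(h.split(".")[-2:]) for h in hostnames})


if __name__ == "__main__":
    hosts = extract_domains(SAMPLE_CRTSH_JSON)
    print("hostnames:", hosts)
    print("root domains:", root_domains(hosts))
```

On the constructed sample this keeps only the four real hostnames and the two root domains; the organization string, e-mail address and IP address are discarded, which is the same kind of filtering the TODO item describes.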
Initial repo created - a few weeks before the date below.
Date - 4 March 2019, Open-sourced
Date - 19 March 2021, Major changes
Warning/Disclaimer: Read the detailed disclaimer at my blog - https://github.com/iamthefrogy/Disclaimer-Warning/blob/main/README.md
Logo credit - www.designevo.com