/subdomain-brute

a multithreaded fast tool to preform active subdomain enumeration

Primary LanguageRust

subdomain brutforce in rust GitHub last commit

an active subdomain enum tool based on research on NOERROR & NODATA

a simple multithreaded tool to preform active domain enumeration, unlike some other tools this tool doesn't ignore NODATA responses returned from DNS server instead it add them to queue to re-scan them

ENT

also known as empty non-terminals , this response is the result of the following scenario -we have a domain called example.com -then we decided to add a subdomain called blog.dev.example.com -despite not adding a dev.example.com entry it's automatically created -in this case dev.example.com return NODATA response

in order to make out the most of this tool always use -r option which will rescan ENT (if it found dev.example.com (ENT) it will bruteforce it again which will result in finding blog.dev.example.com

usage

USAGE:
    subdomains_brute <target> [FLAGS]

FLAGS:
    -w, --wordlist          the path to wordlist
    -c, --Concurrency       the number of concurent requests
    -r, --recursive         re-scan ENT nodes

ARGS:
    <target>    The target to scan (e.g:google.com)

DNS

-the script use cloudflare DNS server

code_snippet

but you could change this to desired DNS server by changing the ip in this code snippet and it should work fine

installation

git clone https://github.com/hazemeldoc/subdomain-brute.git
cd subdomain-brute
cargo build       >> you migh get some warnings during build kindly ignore them

sample run

RUN