Using the combination of different subdomain tools it tries to identify more subdomains using combination of bruteforce and other techniques.
WARNING
The script logic will be used in one of my friend's paid tool with some other capabilities. Hence, I am not planning to open-source it for a couple of months. After June, I have plans to open-source it. I would suggest, run this in your sandbox environment if you don't trust the encrypted code, and you can also monitor traffic if you want. I have no intentions to steal any of your system's data. Kindly run it at your own concern and risk. I won't be responsible for any sort of liabilities.
-
Requirements: Go Language, Python 3.+, jq
-
Tools used - You must need to install these tools and place them into /usr/bin folder to use this script
- SubFinder - Ensure the binary name must be 'subfinder' only
- Assetfinder - Ensure the binary name must be 'assetfinder' only
- Find-domain - Ensure the binary name must be 'findomain-linux' only
- httprobe - Ensure the binary name must be 'httprobe' only
- anew - Ensure the binary name must be 'anew' only
- massdns - Ensure the binary name must be 'massdns' only
You might require to install WHOIS and JQ depending upon your enviroment. You can install them using the following commands:
apt install jq apt install whois
-
Installation
git clone https://github.com/iamthefrogy/frogy.git cd frogy chmod +x frogy.sh.x
-
Usage
./frogy.sh.x
TODO
- ✅
Efficient folder structure management - ✅
Resolving subdomains using Massdns - ✅
Add dnscan for extened subdomain enum scope - ✅
Add scope for extened subdomain enum scope - ✅ Eliminate false positives. Currently around 7% to 10% false positives are there.
- ✅ Subdomain discovery through alterations and permutations (Altdns integration)
Warning: This is just a research project. Kindly use it with caution and at your own risk.