/find-subdomains

Abusing Certificate Transparency logs for getting HTTPS websites subdomains. (通过 HTTPS 证书透明日志,以 **非字典爆破** 的方式获取网站子域名。)

Primary LanguageJavaScript

find-subdomains

Do you miss AXFR technique? This tool allows to get the subdomains from a HTTPS website in a few seconds.
How it works? find-subdomains does not use neither dictionary attack nor brute-force, it just abuses of Certificate Transparency logs.
For more information about CT logs, check www.certificate-transparency.org and crt.sh.

Getting Started

Please, follow the instructions below for installing and run find-subdomains.

Pre-requisites

Make sure you have installed the following tools:

# Installing Node.js via package manager
https://nodejs.org/en/download/package-manager/
# Installing Yarn (Node.js dependency management tools, Like python-pip)
https://yarnpkg.com/en/docs/install

Installing

# 1. Global install
$ yarn global add find-subdomains
# 1.1 Running
$ find-subdomains github.com

# Or

# 2. Clone from GitHub
$ git clone https://github.com/monkeym4ster/find-subdomains.git
$ cd find-subdomains
$ yarn install
# 2.1 Running
$ node find-subdomains.js github.com

Running

$ node find-subdomains.js

Thanks