
Listing subdomains about a main domain

Primary LanguagePythonGNU General Public License v3.0GPL-3.0


Listing subdomains about a main domain using the technique called Hacking with search engines.


You can download the latest version of N4xD0rk by cloning the GitHub repository:

 git clone https://github.com/n4xh4ck5/N4xD0rk.git

Install the dependencies via pip:

 pip install -r requirements.txt 

To install properly phantomJS follow the next steps:

Linux (Debian, Ubuntu, Kali)

apt-get update && apt-get install phantomjs

Linux (other distributions)

Get the latest phantomjs program. The current version was 2.1.1 at the time of writing this tutorial.



Download it on your system (choose 32 or 64bits) and untar it wherever you want, let's say /opt

$ cd /opt

$ wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2

$ tar xvf phantomjs-2.1.1-linux-x86_64.tar.bz2

Make a symlink to the phantomjs binary in your /usr/local/bin directory

$ ln -s /opt/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/local/bin/phantomjs

Execute the binary with the -v option to check that everything works

$ phantomjs -v



usage: n4xd0rk.py [-h] -t TARGET -n NUMBER [-e EXPORT] [-l LANGUAGE]
                  [-c CAPTURE]

This script searchs the subdomains about a domain using the results indexed of Google and Bing search.

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        The domain or IP which wants to search.
  -n NUMBER, --number NUMBER
                        Indicate the number of the search which you want to do.
  -e EXPORT, --export EXPORT
                        Export the results to a json file (Y/N)
                         Format available:
  -l LANGUAGE, --language LANGUAGE
                        Indicate the language of the search
  -c CAPTURE, --capture CAPTURE
                        Indicate if you want to take a screenshot of each web (y/n)


python n4xd0rk.py -t apple.com -n 1

	   _   _ _  _        _____   ___       _ 
	  | \ | | || |      |  __ \ / _ \     | |
	  |  \| | || |___  _| |  | | | | |_ __| | __
	  | . ` |__   _\ \/ / |  | | | | | '__| |/ /
	  | |\  |  | |  >  <| |__| | |_| | |  |   < 
	  |_| \_|  |_| /_/\_\_____/ \___/|_|  |_|\_\  

	** Tool to search the subdomains about a domain using the results indexed of Google and Bing search
    ** Author: Ignacio Brihuega Rodriguez a.k.a N4xh4ck5
    ** DISCLAMER This tool was developed for educational goals. 
    ** The author is not responsible for using to others goals.
    ** A high power, carries a high responsibility!
    ** Version 2.1
This script obtains the IP associated a domain

 			Example of usage: python n4xd0rk.py -t apple.com -n 5 

Looking domains and subdomains of target apple.com

 Domains and subdomains of apple.com are:

	- www.apple.com [23.XXX.XX.83]

	- communities.apple.com [23.XXX.XXX.242]

	- selfsolve.apple.com [88.XXX.XXX.168]

	- checkcoverage.apple.com [88.XXX.XXX.168]

	- support.apple.com [104.XXX.XXX.98]

	- itunes.apple.com [23.XXX.XXX.95]

	- araes.apple.com [17.XXX.XXX.53]


Ignacio Brihuega RodrĂ­guez aka n4xh4ck5

Twitter: @n4xh4ck5

Web: fwhibbit.es


The use of this tool is your responsability. I hereby disclaim any responsibility for actions taken with this tool.