Sub-Drill
A very [very] simple and pipe-able script for finding subdomains based on [free] online services without any dependency to API-keys for penetration testers and bug bounty hunters.
usage:
chmod +x Sub-Drill.sh
./Sub-Drill.sh [Domain.Com] [optional-output-file]
Used services:
- threatcrowd
- hackertarget
- crt.sh
- certspotter
- spyse.com
- bufferover.run [tls,dns]
- urlscan.io
- synapsint.com
- jldc.me (anubis)
- omnisint.io (SonarSearch)
- alienvault [otx]
- riddler.io
- suip.biz [Amass,Subfinder]
- rapiddns.io
- web.archive.org
Dependencies:
- Curl
jq