Using a combination of different subdomain enumeration tools and logic, this script tries to identify more subdomains and TLDs during recon.
-
Requirements: Go Language, Python 3.+, jq
-
Tools used - You must install these tools and place them in the /usr/bin folder to use this script
You might need to install WHOIS and JQ depending on your environment. You can install them using the following commands:
apt install jq
apt install whois
-
Installation
git clone https://github.com/iamthefrogy/frogy.git
cd frogy
chmod +x frogy.sh
git clone https://github.com/aboul3la/Sublist3r.git
git clone https://github.com/rbsec/dnscan.git
-
Usage
./frogy.sh
-
Output
Output will be saved in the output/ORG/ORG.master file. If tesla.com is your target, then the output file of all the subdomains will be output/tesla/tesla.master and all the TLDs will be recorded in the output/tesla/tld.txtls file.
TODO
- ✅ Efficient folder structure management
- ✅ Resolving subdomains using Massdns
- ✅ Add dnscan for extended subdomain enum scope
- ✅ Add scope for extended subdomain enum scope
- ✅ Eliminate false positives. Currently around 2% to 4% false positives are there.
- ✅ Bug Fixed, for false positive reporting of domains and subdomains.
- ✅ Searching domains through crt.sh via registered organization name from WHOIS instead of domain name created some garbage data. Filtered result to only grab domains and nothing else.
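The crt.sh item in the TODO list above describes keeping only domain names from organization-name search results. The following is an added example, not frogy's own code: a hostname filter run over constructed sample lines. The function names filter_domains and in_scope, the sample data, and the scope check against example.com are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not frogy's code): drop non-hostname noise from
# certificate-search results before they reach an asset inventory.

# Constructed sample of mixed name values (org names, e-mails, URLs, wildcards).
SAMPLE='Example Org, Inc.
*.dev.example.com
WWW.Example.com
admin@example.com
api.example.com.
http://example.com/login
-bad.example.com
example.net
notexample.com
api.example.com'

# filter_domains: read candidates on stdin, one per line; print unique,
# lowercased, syntactically valid hostnames (LDH labels plus an alphabetic TLD).
filter_domains() {
    tr 'A-Z' 'a-z' |
    tr -d '\r' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^\*\.//' -e 's/\.$//' |
    LC_ALL=C grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$' |
    LC_ALL=C sort -u
}

# in_scope APEX: keep only APEX itself or names ending in ".APEX".
# Matching on the leading dot keeps look-alikes such as notexample.com out.
in_scope() {
    awk -v apex="$1" '
        { n = length($0); a = length(apex) }
        $0 == apex { print; next }
        n > a + 1 && substr($0, n - a) == ("." apex) { print }
    '
}

# Stand-alone run: print the in-scope hostnames found in the sample.
printf '%s\n' "$SAMPLE" | filter_domains | in_scope example.com
```

Names that pass the filter but fall outside the apex (example.net here) are candidates for a separate related-domains list and need ownership confirmation before being treated as in scope.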
Initial repo created - A few weeks before the date below.
Date - 4 March 2019, Open-sourced
Date - 19 March 2021, Major changes
Warning/Disclaimer: Read the detailed disclaimer at my blog - https://github.com/iamthefrogy/Disclaimer-Warning/blob/main/README.md
Logo credit - www.designevo.com