Add altdns to the enumeration process
moh-nur committed Mar 19, 2020
1 parent 0f2288a commit d74c655
Showing 3 changed files with 260 additions and 12 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -17,6 +17,10 @@ Long term goal is to standarize the enumeration and filtering so that code can b

``~/tools/masscan/bin/masscan -iL [FILE] --rate 1500 -p0-65535 > masscan.txt ``

###Use altdns to find premutations all subdomains

``python3 ~/tools/altdns/altdns -i [FILE] -o permutations.txt -w ~/netsec/crimson_recon/wordlists/altdns_words.txt -r -s [NEWFILE]``

###Use EyeWitness to take snapshot of all subdomains

``~/tools/EyeWitness/EyeWitness.py -f [FILE] --web --proxy-ip 127.0.0.1 --proxy-port 8080``
Expand Down
36 changes: 24 additions & 12 deletions crimson_recon.py
Expand Up @@ -47,6 +47,7 @@
os.makedirs(companyDir)

amassDir = str(pathlib.Path.home())+"/tools/amass"
altdnsDir = str(pathlib.Path.home())+"/tools/altdns/altdns"
if not args.noasn:
print ("Retrieving asn list")
process = subprocess.run([amassDir+"/amass intel -org "+name],
Expand Down Expand Up @@ -146,14 +147,14 @@

subdomainList = list()

print ("passively scraping subdomains using amass enum")
amassProcess = subprocess.run([amassDir+"/amass enum -passive -d "+args.domain],
cwd=amassDir,
shell=True,
stdout=subprocess.PIPE,
universal_newlines=True)
amassSubdomainList = amassProcess.stdout.split("\n")
subdomainList+=amassSubdomainList
# print ("passively scraping subdomains using amass enum")
# amassProcess = subprocess.run([amassDir+"/amass enum -passive -d "+args.domain],
# cwd=amassDir,
# shell=True,
# stdout=subprocess.PIPE,
# universal_newlines=True)
# amassSubdomainList = amassProcess.stdout.split("\n")
# subdomainList+=amassSubdomainList

print ("Brute forcing domain names using gobuster")
process = subprocess.run(["gobuster dns -d "+args.domain+" -z -q -w "+wordlistFolder+"/subdomains-top1million-5000.txt"],
Expand Down Expand Up @@ -205,16 +206,27 @@
if not os.path.exists(companyDir):
os.makedirs(companyDir)

domainResults = companyDir+"/"+name+"_domains.txt"
with open(domainResults, 'w') as f:
for domain in domainSet:
f.write("%s\n" % domain)
if not args.noasn:
domainResults = companyDir+"/"+name+"_domains.txt"
with open(domainResults, 'w') as f:
for domain in domainSet:
f.write("%s\n" % domain)

subDomainResults = companyDir+"/"+name+"_subdomains.txt"
with open(subDomainResults, 'w') as f:
for subdomain in subdomainSet:
f.write("%s\n" % subdomain)

premutations = companyDir+"/"+name+"_premutations.txt"
additionalsubDomains = companyDir+"/"+name+"_subdomains_altdns.txt"
print ("Brute forcing additional subdomains using altdns premutations")
process = subprocess.run(["python3 "+ altdnsDir +" -i " + subDomainResults +" -o "+ premutations + " -w " + wordlistFolder + "/altdns_words.txt -r -s " + additionalsubDomains],
shell=True,
stdout=subprocess.PIPE,
universal_newlines=True)

os.remove(premutations)

ts = time.time()
sttime = datetime.datetime.fromtimestamp(ts).strftime('%Y%m%d_%H:%M:%S - ')
with open(companyDir+"/"+name+"_lastrun.txt", 'w') as f:
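Review bot: The altdns invocation on the new lines is never checked and `os.remove(premutations)` runs unconditionally, so if altdns is not installed, exits non-zero, or never creates the permutations file, the script aborts with FileNotFoundError before the `_lastrun.txt` stamp below is written. The command is also assembled by string concatenation under `shell=True`, so a `companyDir`, `name` or `wordlistFolder` containing spaces or shell metacharacters breaks the invocation (and the captured `stdout` is never read); passing an argv list with the default `shell=False` avoids both problems. The enclosing block starts outside the hunk. The amass passive enum in the previous hunk is left commented out with no reason given; either delete it or record why it is disabled, e.g. `# amass passive enum disabled: <reason>`.
```python
premutations = companyDir+"/"+name+"_premutations.txt"
additionalsubDomains = companyDir+"/"+name+"_subdomains_altdns.txt"
print ("Brute forcing additional subdomains using altdns premutations")
# argv list: no shell parsing, so paths with spaces/metacharacters are safe
process = subprocess.run(
    ["python3", altdnsDir, "-i", subDomainResults, "-o", premutations,
     "-w", wordlistFolder + "/altdns_words.txt", "-r", "-s", additionalsubDomains],
    stdout=subprocess.PIPE,
    universal_newlines=True)
if process.returncode != 0:
    print ("altdns exited with code %d; skipping permutation results" % process.returncode)
# altdns may not have produced the intermediate file on failure
if os.path.exists(premutations):
    os.remove(premutations)
# … unchanged: lastrun timestamp …
```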
Expand Down
232 changes: 232 additions & 0 deletions wordlists/altdns_words.txt
@@ -0,0 +1,232 @@
1
10
11
12
13
14
15
16
17
18
19
2
20
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
3
4
5
6
7
8
9
a
acc
accept
accounts
admin
admin1
administrator
akali
akamai
alpha
alt
america
analytics
api
api1
api-docs
apollo
april
aws
b
backend
beta
billing
boards
box
brand
brasil
brazil
bucket
bucky
c
cdn
cf
chef
ci
client
cloudfront
cms
cms1
cn
com
confluence
container
control
data
dec
demo
dev
dev1
developer
devops
docker
docs
drop
edge
elasticbeanstalk
elb
email
eng
engima
engine
engineering
eu
europe
europewest
euw
euwe
evelynn
events
feb
fet
firewall
forms
forum
frontpage
fw
games
germany
gh
ghcpi
git
github
global
hkg
hw
hwcdn
i
ids
int
internal
jenkins
jinx
july
june
kor
korea
kr
lan
las
latin
latinamerica
lax
lax1
lb
loadbalancer
login
machine
mail
march
merch
mirror
na
nautilus
net
netherlands
nginx
nl
node
northamerica
nov
oceania
oct
ops
org
origin
page
pantheon
pass
pay
payment
pc
php
pl
poland
preferences
priv
private
prod
production
profile
profiles
promo
promotion
proxy
redirector
region
repo
repository
reset
restrict
restricted
reviews
s
s3
sandbox
search
secure
security
sept
server
service
singed
skins
spring
ssl
staff
stage
stage1
staging
static
support
swagger
system
t
train
training
team
test
test1
testbed
testing
testing1
tomcat
tpe
tr
trial
tur
turk
turkey
twitch
uat
v1
v2
vi
vpn
w3
web
web1
webapp
westeurope
z
