Of course, with so many hackers running automated tooling, an actual subdomain takeover is hard to find, but with some luck you will. From a corporate security point of view you need to check for it anyway, so I'm sharing the workflow.
I only use this for quick reference during subdomain enumeration. A takeover is almost never there on a popular target, and when one is vulnerable it has often already been reported and ends up as a duplicate.
TLDR
$ amass enum -norecursive -noalts -d {target_domain} > {target_domain}.txt ; subjack -w {target_domain}.txt -t 100 -timeout 30 -ssl -c ~/subjack/fingerprints.json -v 3
Replace {target_domain} with your target domain (a text editor such as an IDE or geany makes this convenient).
Pre-install
Amass
Install Amass on Mac
$ brew tap caffix/amass; brew install amass
or (on Ubuntu with apt)
$ apt-get install amass
or (on Docker)
$ docker build -t amass https://github.com/OWASP/Amass.git
$ docker run -v ~/amass:/amass/ amass enum --list
or (with snapcraft)
$ snap install amass
https://github.com/OWASP/Amass/blob/master/doc/install.md
https://www.hahwul.com/2019/09/owasp-amass-dns-enumnetwork-mapping.html
running command:
$ amass enum -d [target domain]
Subjack
Install subjack with go get:
$ go get github.com/haccer/subjack
(On Go 1.17 and later, go get no longer installs binaries; use go install github.com/haccer/subjack@latest instead. The binary lands in ~/go/bin either way.)
set alias
alias subjack='~/go/bin/subjack'
running command:
$ subjack -w target.txt -c fingerprints.json
I've added some more content after seeing this (https://twitter.com/C5pider/status/1185672360717893633). Thank you, guys!
Writing the one-line command
Write the amass results to a file:
$ amass enum -norecursive -noalts -d {target_domain} > {target_domain}.txt
Read that subdomain list in subjack (-w option):
$ subjack -w {target_domain}.txt -t 100 -timeout 30 -ssl -c ~/subjack/fingerprints.json -v 3
PPAP
$ amass enum -norecursive -noalts -d {target_domain} > {target_domain}.txt ; subjack -w {target_domain}.txt -t 100 -timeout 30 -ssl -c ~/subjack/fingerprints.json -v 3
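As an added example (my own script, not the post's one-liner and not code from amass or subjack), here is the pipeline turned into a wrapper with the checks a practitioner wants before trusting the output: it looks for fingerprints.json in a few common install locations before falling back to downloading it from the haccer/subjack repository (the "no such file or directory" problem raised in the comments), normalises and de-duplicates the amass output before handing it to subjack, and refuses to run subjack on an empty list. The candidate paths, the raw-output file name and the fallback download location are assumptions; amass and subjack are assumed to be on PATH, and their flags are copied from the one-liner above (newer amass releases have changed some flags, so check amass enum -h).

```sh
#!/bin/sh
# sub2.sh - amass -> subjack wrapper (added example, not from the post).
# Usage: sh sub2.sh example.com
# Assumes amass and subjack are on PATH; flags are the ones from the one-liner.
set -eu

# Places to look for subjack's fingerprints.json before downloading it.
# ~/subjack and ~/download come from the post and its comments; the GOPATH
# entry is an assumption about where "go get" checked out the source.
FINGERPRINT_CANDIDATES="${HOME:-/root}/subjack/fingerprints.json
${GOPATH:-${HOME:-/root}/go}/src/github.com/haccer/subjack/fingerprints.json
${HOME:-/root}/download/fingerprints.json"

# Raw copy of the file in the haccer/subjack repository linked in the comments.
FINGERPRINT_URL="https://raw.githubusercontent.com/haccer/subjack/master/fingerprints.json"

# find_fingerprints LIST: print the first readable path from a newline-separated
# list of candidates; return 1 and print nothing if none exists.
find_fingerprints() {
    old_ifs=$IFS
    IFS='
'
    set -f                      # no globbing while splitting the list
    for path in $1; do
        if [ -r "$path" ]; then
            set +f; IFS=$old_ifs
            printf '%s\n' "$path"
            return 0
        fi
    done
    set +f; IFS=$old_ifs
    return 1
}

# normalize_hosts: stdin -> stdout. Keep the first field of each line (older
# amass prints one name per line, newer versions print "name (FQDN) --> ..."
# records), lower-case it, strip a trailing dot, drop anything that does not
# look like a hostname, and de-duplicate so subjack does not probe a host twice.
normalize_hosts() {
    tr -d '\r' \
    | awk 'NF { print $1 }' \
    | tr '[:upper:]' '[:lower:]' \
    | sed 's/\.$//' \
    | grep -E '^[a-z0-9._-]+\.[a-z0-9-]+$' \
    | sort -u
}

# run_pipeline DOMAIN: enumerate, clean, then fingerprint for takeover.
run_pipeline() {
    domain=$1
    raw="$domain.amass.txt"     # unprocessed amass output (assumed file name)
    hosts="$domain.txt"         # cleaned list handed to subjack -w

    fp=$(find_fingerprints "$FINGERPRINT_CANDIDATES" || true)
    if [ -z "$fp" ]; then
        fp="${HOME:-/root}/subjack-fingerprints.json"   # fallback path (assumption)
        echo "fingerprints.json not found locally, fetching to $fp" >&2
        curl -fsSL -o "$fp" "$FINGERPRINT_URL"
    fi

    amass enum -norecursive -noalts -d "$domain" > "$raw"
    normalize_hosts < "$raw" > "$hosts"

    if [ ! -s "$hosts" ]; then
        echo "amass returned no subdomains for $domain; not running subjack" >&2
        return 1
    fi
    echo "$(wc -l < "$hosts" | tr -d ' ') unique hosts in $hosts, fingerprints: $fp" >&2

    subjack -w "$hosts" -t 100 -timeout 30 -ssl -c "$fp" -v 3
}

# Only run when given a domain, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    run_pipeline "$1"
fi
```

Run it as sh sub2.sh example.com. The normalisation step matters more than it looks: subjack's -w list is fed straight to its resolver and HTTP workers, so duplicates and mixed-case or trailing-dot variants of the same host cost time and can hide a real hit in noisy -v 3 output.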
Conclusion
Most bounty hunters are churning through every domain in the bug bounty scopes, so it is a race against time. https://github.com/arkadiyt/bounty-targets-data collects those scopes in one place.
And if you use Rapid7's Project Sonar forward DNS (FDNS) dataset (https://opendata.rapid7.com/sonar.fdns_v2/), you can get a lot more domains.
HAHWUL | Security engineer, Gopher and H4cker!
I love your theme. Can you share the source name please?
No name, it is my custom theme.
This is the error I am facing. How can I proceed further?
open /root/subjack/fingerprints.json: no such file or directory
Did you install it with go get? That file exists within the Go package; usually it is created in the subjack directory of the account you installed it under.
I think it's good to check the account that did the install, and if it's not in that account's directory, look it up with find etc.
Another option is to download this file and specify the path to it yourself.
https://github.com/haccer/subjack/blob/master/fingerprints.json
e.g.
$ amass enum -norecursive -noalts -d {target_domain} > {target_domain}.txt ; subjack -w {target_domain}.txt -t 100 -timeout 30 -ssl -c ~/download/fingerprints.json -v 3
Tips.
$ vim sub2.sh
amass enum -norecursive -noalts -d $1 > $1.txt ; subjack -w $1.txt -t 100 -timeout 30 -ssl -c ~/subjack/fingerprints.json -v 3
$ ./sub2.sh google.com
Wow, this link has been added to the Amass readme (https://github.com/OWASP/Amass)! Thank you, everyone.