Vita is a tool to gather subdomains from passive sources much like tomnomnom's assetfinder.

Precompiled binaries for vita are available in the releases tab. Just pick your platform and extract the archive that contains the binary.

If you want to build it yourself you will need to install Rust, you can get the official installation from the Rust website.

To build Vita:

$ git clone https://github.com/junnlikestea/vita
$ cd vita
$ cargo build --release
$ ./target/release/vita --version

With a single domain, and collect data from Apis' which don't require keys.:

vita -d hackerone.com

by default the results will be unique, and will filter subdomains not related to your root domain, or domains if you choose to supply multiple.

With a list of domains from a file:

vita -f path/to/domains.txt

With a list of domains from stdin:

vita < /path/to/domains.txt

For a large host RapidDNS can slow vita down quite a bit, if you want to exclude it from the sources just add the -e flag.

vita -d hackerone.com -e

If you want to include sources which require API keys, add the -a or -all flag, for example:

vita -d hackerone.com -a

By default it will just ignore services you don't supply keys for.

• C99
• AnubisDB
• Alienvault
• Binaryedge - be careful running this on a large host if you have a free license. Vita fetches every page of results.
• Certspotter
• Crt.sh
• Hackertarget
• Threatcrowd
• VirusTotal
• Sublis3r
• Security Trails
• Spyse
• Urlscan.io
• Facebook
• Threatminer
• wayback machine
• dns.bufferover.run
• IntelligenceX
• PassiveTotal
• RapidDNS

Add a .env file to the tool directory or add the following to your existing .env file:

• Binaryedge:
  • Needs BINARYEDGE_TOKEN set
• Facebook:
  • Needs FB_APP_ID and FB_APP_SECRET set.
• Spyse:
  • Needs SPYSE_TOKEN set.
• Security Trails:
  • Needs SECURITY_TRAILS_KEY set.
• C99:
  • Needs C99_KEY set.
• PassiveTotal:
  • Needs PASSIVETOTAL_KEY and PASSIVETOTAL_SECRET set
  • Can be found under the account settings page.
• IntelligenceX:
  • Needs INTELX_KEY and INTELX_URL to be set
  • Can be found udner the developer tab

If you hit rate limits or authentication fails, the source will just be ignored from the list of potential sources.

Vita uses Rust's async-std library under the hood. Several environment variables can be used to tune the performance:

• ASYNC_STD_THREAD_COUNT: The number of threads that the async-std runtime will start. By default, this is one per logical cpu. which may be different than the number of physical cpus. Async-std will panic if this is set to any value other than a positive integer.

• ASYNC_STD_THREAD_NAME: The name that async-std's runtime threads report to the operating system.

• The default value is "async-std/runtime".

Currently Vita will limit the search for data to 200 root domains concurrently. If you would like for me to set this number as a command line flag, please raise an issue.

• Add more paid sources.
• Write some documentation for the underlying library that Vita uses, and prepare publish to crates.io.
• Optimise performance further.

Developers have/has no responsibility or authority over any kind of:

• Legal or Law infringement by third parties and users.
• Malicious use capable of causing damage to third parties.
• Illegal or unlawful use of vita.

Thanks to 0xatul for the feedback!