Giter VIP home page Giter VIP logo

findomain / findomain Goto Github PK

View Code? Open in Web Editor NEW
3.2K 58.0 362.0 34.45 MB

The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

Home Page: https://findomain.app

License: GNU General Public License v3.0

Rust 90.27% Shell 3.46% Roff 5.91% Dockerfile 0.36%
bugbounty dns osint subdomains

findomain's Issues

Support for Telegram webhooks?

Hi! Thanks for creating this tool. I was reading your article in Medium, as you suggested I am opening an issue to request a new webhook if possible: Telegram.

Thanks Again!

Subdomain Alerts

Hi

First of all awesome tool but I think it lacks one of the main purposes of the subdomain tools of alerting the user if some asset is pushed in the wild and instead user have to run the tool in some time and manually review which domain had been in the past and which one is new. Quite a hectic task but it would be cool if you integrate it in your new releases.

Cheers!

add quiet mode

Hi,
Findomain is a very verbose tool. It outputs a lot of things to stdout that make automation/piping hard. For example, I can't do something like findomain -t example.com -r | httprobe.

It would be really nice if you can add a quiet mode with a --quiet/-q flag that will make the tool output subdomains only without any of the extra text such as Searching in the * API and A total of * subdomains were found etc. Just subdomains!

Save only resolved subdomains

Hi,

Would be great to have the option to save a list of subdomains which are live (resolved).
That would be useful in automation, as the output can be fed into other tools without cutting/grepping first.

Thanks!

Error trying to connect

Hi,

Wanted to test your tool and got these errors:

root@2d9bdeceecc7:/opt# ./findomain-linux -V
findomain 0.2.1
root@2d9bdeceecc7:/opt# ./findomain-linux -a -t microsoft.com

Target ==> microsoft.com

Searching in the CertSpotter API... ๐Ÿ”
An error โŒ as occured while procesing the request in the CertSpotter API. Error description: error trying to connect

Searching in the Crtsh API... ๐Ÿ”
An error โŒ as occured while procesing the request in the Crtsh API. Error description: error trying to connect

Searching in the Virustotal API... ๐Ÿ”
An error โŒ as occured while procesing the request in the Virustotal API. Error description: error trying to connect

Searching in the Sublist3r API... ๐Ÿ”
An error โŒ as occured while procesing the request in the Sublist3r API. Error description: error trying to connect

Searching in the Facebook API... ๐Ÿ”
An error โŒ as occured while procesing the request in the Facebook API. Error description: error trying to connect

Findomain 3.0 broke the output format

I've just updated findomain to 3.0 and noticed the output txt file is no more one subdomain per line, the output is continuous now.

This is happening when using file as input, single target domain and for both output methods, -o and -u.

Look like the new line code is missing.

Consider using structopt

You're currently using clap directly, in case you aren't aware of it you can give structopt a try, it makes it easier to access the parsed arguments. Real life example can be found here.

If you're interested I can prepare a PR for this.

False positive "target is invalid"

Hi @Edu4rdSHL,
Thanks for the last update, it looks good, but unfortunately there is an error.

git clone https://github.com/Edu4rdSHL/findomain.git -b develop # Only the develop branch is needed
cd '/home/user/findomain'
git pull
cargo build --release
sudo cp target/release/findomain /usr/bin/
cd
  1. $ findomain -f "/URLsToScan.txt" -u '/URLsToScanDONE.txt'

  2. Error: Target is invalid, please try again.

ExampleURLs in the file:

0769.it
1337pool.net
1dig.pro
1isolution.com
1stminingpool.com

When the error occurs, the program stops working.

Agregar estado de respuesta y tecnologia

Estaria bueno agregar un status response y tecnologia usada (un fingerprint rapido), como lo hace la herramienta knockpy, esta herramienta te brinda codigos de estado (400,200,etc) tipo (host,alias) ip, dominio y servidor (apache, iis, etc).
Gracias por tu herramienta, se convirtio en mi favorita, saludos desde Argentina

Add Support for: archive.org ( #7 )

Slack webhook timeout error

Hi,
I've recently noticed quite a bit of timeout for the slack webhook. This is both when using high number of threads like 200 and also while running it in default mode.

-i flag as the optional feature

Really appreciate your work @Edu4rdSHL , Many thanks for your works. Please find below as the optional request for findomain

Can we please have -i as the optional feature as it has been removed/ replaced by -r since 0.3.0 .

Sometimes it is very useful to identify the content behind the ip patterns , example : by observing one ip we can guess all the similar ips will have the firewall enables or etc etc. which really saves a lots of time.

Thanks Again @Edu4rdSHL , this is a great tool :) ๐Ÿ‘

Error: IO error

Hi.

Thanks for your work.

I have some problem on Windows Server, Windows 7, Kali Linux.

Pic related.

White IP, no firewall, stable connection, admin rights.

Thanks.
issue

Specify filename on output

Hi, I noticed that using the precompiled binary I am able to specify a filename to put the results in like, ./findomain --output subdomains.txt --target example.com but I cant if I install it using the source code. I did make a hacky way of this on the code locally but I guess it would be nice if you could add this functionality.

  1. In src/cli.yml
    output:
    [...]
    takes_value: true

  2. In src/main.rs
    if matches.is_present("target") && matches.is_present("output") {
    let target = matches.value_of("target").unwrap().to_string();
    let output = matches.value_of("output").unwrap().to_string();
    let with_output = "y";
    let file_name = [&output, ""].concat();

So, I am using the output variable to specify the filename.

Thanks!

Problems with monitoring

hello , i already try a lot but i have a lot of issue on monitoring , can someone give the process
some probleme i got :
1* i already export but i got this message
1- You need to set at least one webhook variable. For Discord set the findomain_discord_webhook system variable and for Slack set the findomain_slack_webhook variable. Exiting.

2- psql: FATAL: Peer authentication failed for user "postgres"

Add timestamp column to the pgsql database table

Good job men !

I don't know the language which it used to build it to help you but can you add a column with the timestamp of the execution, could be like the date with hours like YYYY-MM-DD-hh-mm.

It could be useful.

Thanks !

New APIs to be added.

Dear users, please put in comments APIs that you think should be added to findomain, it will help me a lot to improve the tool.

Note: what make findomain unique is that it only use APIs and doesn't do searchs in Google, etc. that's the secret why it's so faster. I haven't plans to add that to findomain then put only APIs (post or get) here still if they're not directly relationed with Certificate Transparency logs but can be used to discover subdomains.

Please, the following APIs are already implemented, make sure that the API that you want is not in that list:

Pull requests are more than welcome

Error Sublist3r API

An error occurred while parsing the JSON obtained from the Sublist3r API. Error description: JSON error.

Output single file

Hi,

Would be great to have the option of storing the output in a single file, for better handling in automation. Currently when scanning a massive list of domains it outputs hundreds/thousands .txt files.

Thanks!

Add hability to select the DNS to use.

Actually you can't choose what DNS resolver use, Findomain uses system configuration by default, if it fails to read the configuration then try to use Cloudflare, if it fails then Quad9 and finally Google.

The implementation will make possible a user's choice to select what DNS to use. The option will be --dns cloudflare/quad9/google and if not option is specified then use system's configuration. It will also works for #37.

Option for personalized output file name

Hi, findomain is really awesome tool. But I didn't any options to specify the filename of the output. Can you add an option for it?

It's default append _<number> to the target and that makes a little bit inconvenience for some automation workflow. Currently, I'm grepping >> from the stdout for that purpose :).

Best regards.

Error Compiling on tokio-rustls v0.10.2

Hi,

I got error when try cargo build --release

error: enum variants on type aliases are experimental
   --> /home/wayc0de/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-rustls-0.10.2/src/lib.rs:260:9
    |
260 |         Self::Client(s)
    |         ^^^^^^^^^^^^

error: enum variants on type aliases are experimental
   --> /home/wayc0de/.cargo/registry/src/github.com-1ecc6299db9ec823/tokio-rustls-0.10.2/src/lib.rs:266:9
    |
266 |         Self::Server(s)
    |         ^^^^^^^^^^^^

error: aborting due to 2 previous errors

error: Could not compile `tokio-rustls`.
warning: build failed, waiting for other jobs to finish...
error: build failed

Hope you can help me

Thank you

ARM support

Can you add support for ARM devices? Will be good to have the tool running there.

Not able to publish to slack webhook

Thanks for the big update to allow monitoring using the tool.

When trying to monitor single domain or a file using -f and publish the result to slack, getting the below error:

An error occurred when Findomain tried to publish the data to the following webhook https://hooks.slack.com/services/XXXXXXXXXX.
Error description: 400 Bad Request

The same webhook is working with other message or manually pushing a test message.

Add a new switch to separate ipv4 from ipv6.

Some users only want to see IPv4 or IPv6 addresses in the results.
So I suggest that the normal IP switch shows all IPs and two additional switches show only IPv6 or IPv4 addresses in the results.

Asynchronous HTTP Requests

Currently Findomain is using synchronous HTTP request method that means, every request wait for the previous request to end. But as Findomain is growing, more API's need to be added and synchronous requests aren't the way to go if Findomain want to continue being the most faster subdomain enumerator.

I'm working on a asynchronous HTTP request implementation (means that all requests can be done at the same time), that will make Findomain at least 5x more faster than actual. Until I finished it I will not add more API's. When it implementation is finished then I will add many API's (commented in #7) to sources as I want at the same price in terms of time.

Create file with an ouput

Hi! This tools is really handy but right now it is hard to consume the output in some programmatic way. It would be really cool if we could specify some sort of output file that would be created with results, it could be a JSON or CSV file, probably a txt file with list of subdomain would be also useful.

What do you think?

Add the possibility to use DoT

I prefer the easy way like CURL
Example:
curl --doh-url https://dns.nextdns.io/[Your_ID] domain.url.com/download.example
With DNS over TLS, searching for subdomains is safer.

Allow importing subdomains from other tools

Now that Findomain allows monitoring and fetching subdomains from the postgresql database, it'll be great to have a feature to import subdomains enumerated from other tools.

The feature inclusion will allow users to use findomain to manage subdomains collated from various tools (since no-one uses a single tool for recon).

Parsing Error facebook Api

I get this error when running the tool

An error occurred while parsing the JSON obtained from the Facebook API. Error description: JSON error.

Permission Denied

A total of 113 subdomains were found for ==> xxx.target.com ๐Ÿ‘ฝ

thread 'main' panicked at 'Failed to create file.: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }', src/libcore/result.rs:999:5
note: Run with RUST_BACKTRACE=1 environment variable to display a backtrace.

Import keys - Error

why I'm getting this error? I use mac.

MBP:Security xxp$ ./findomain-osx -h
findomain 0.8.0
Eduard Tolosa [email protected]
The fastest and cross-platform subdomain enumerator, don't waste your time.

MBP:Security xxp$ findomain_spyse_token="TsKL5..." findomain-osx -(options)
-bash: syntax error near unexpected token ('
MBP:Security xxp$
MBP:Security xxp$
MBP:Security xxp$ findomain_spyse_token="TsKL5..." findomain -(options)
-bash: syntax error near unexpected token ('
MBP:Security xxp$

GLIBC_2.25 not found

root@vultr:~/tools# ./findomain-linux
./findomain-linux: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by ./findomain-linux)
root@vultr:~/tools# 

Remove the emoticons

The emoticons can not be displayed correctly in many consoles even if the correct font is installed. So I recommend to remove the emoticons.

Screenshot:
Bildschirmfoto vom 2020-01-24 18-38-18

List of monitored domains [Feature Request]

A quick check after the 0.4.1 update, there is no option/message to check if the domain is already monitored. A tag -ml (monitored list) or just -l (list) to get the list of monitored domains would be really handy in the long run.

Additionally, how frequently does findomain check for new domains and passes to the webhook?

Add an option to exclude sources

If you cannot use a specific source, it is very useful to exclude these sources directly to save time when scanning for subdomains.

  • Example:
    findomain --threads 100 -ex facebook virustotal -q -f "/URLsToScan.txt" -u '/URLsToScanDONE.txt'

  • Note: -ex for excluding sources.

Make JSON errors more verbose

I get a lot of An error occurred while parsing the JSON obtained from the {} API. Error description: {}. errors and I'd love to see the "JSON" (I suspect findomain is receiving some sort of rate-limiting error page...) that caused the error.

Thanks for the great tool!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.