A tool to find subdomains or domains from passive sources.
Vita is a tool to gather subdomains from passive sources much like tomnomnom's assetfinder.
Precompiled binaries for vita are available in the releases tab. Just pick your platform and extract the archive that contains the binary.
If you want to build it yourself you will need to install Rust, you can get the official installation from the Rust website.
To build Vita:
$ git clone https://github.com/junnlikestea/vita
$ cd vita
$ cargo build --release
$ ./target/release/vita --version
With a single domain and collecting data from free sources
vita -d hackerone.com
By default the results will be unique, and will filter subdomains not related to your root domain, or domains if you choose to supply multiple.
Collecting data only on a specific subdomain
If you only want to collect results related to a specific subdomain you can use
the --subs-only
flag. This will cause vita to run on the actual domain and not
the root domain. Results will be filtered to anything that ends with the input
domain or domains.
vita -d api.hackerone.com --subs-only
With a list of domains from a file
vita -f path/to/domains.txt
With a list of domains from stdin
vita < /path/to/domains.txt
Outputting results as they're received
You can output results as they arrive as opposed to once all sources finish using
the --flush
flag. You might want to use this flag when you're running vita on a
small vps without much memory. When this flag is active vita will not remove duplicates,
so you may want to pipe it through something like sort -u
.
vita -d hackerone.com --flush
Collecting data using paid sources
If you want to include sources which require API keys, add the -a
or -all
flag, for example:
vita -d hackerone.com -a
By default it will just ignore services you don't supply keys for.
Excluding sources
You can exclude sources with the -e
flag
vita -d hackerone.com -e Wayback
If you would like some more verbose output you can use the -v
flag. There are
different levels of verbosity ranging from noisy to informational, most of the
time I just use info
. This is all printing to stderr, so it won't be captured
in the results.
info
: General information like how many results each source returned.debug
: Lots and lots of information about what's going on under the hood.vita -d hackerone.com -v info
Vita uses async concurrent http requests under the hood. If you encounter an error similar to "Too many open files" it means that there isn't enough available file descriptors on your system. You can fix this by increasing the hard and soft limits. There are lots of different guides available to increase the limits but here is one for linux.
Add a .env
file to the tool directory or add the following to your existing .env
file:
BINARYEDGE_TOKEN
setCHAOS_KEY
setFB_APP_ID
and FB_APP_SECRET
set.SPYSE_TOKEN
set.SECURITY_TRAILS_KEY
set.C99_KEY
set.PASSIVETOTAL_KEY
and PASSIVETOTAL_SECRET
setINTELX_KEY
and INTELX_URL
to be setIf you hit rate limits or authentication fails, the source will just be ignored from the list of potential sources.
Currently Vita will limit the search for data to 200 root domains concurrently. If you would like to
change that limit you can use the -c
flag:
vita -f /path/to/roots.txt -c 400
0xatul For constant feedback and improvement ideas.
dee-see For the contributions and neat issues!
TomNomNom For inspiring me to write and release open source tools.
Cgboal For SonarSearch which is a data source for Vita.
ProjectDiscovery For Chaos which is a great data source.
Thanks to all the data source providers, and everyone else I can't seem to remember at this point in time. I'll make sure to add you in the future.
Developers have/has no responsibility or authority over any kind of: