Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Update = 2020-12-14
Fixed and update regular expresion shodan to crawling subdomain
Added Engine/Resources - DNSDB - OK - Spyse - Ok - RiskIQ/PassiveTotal - Ok - Facebook Cert Transparency - Ok
Remove Entrust Sources (Not accessible) anymore
Findsubdomains replace to Spyse
Update - 2020-10-13
Update - Added Feature Sending notifications to a slack channel
Update - 2020-06-29
Generate & make wordlist based on collecting url resources (wayback,urlscan,commoncrawl)
- To make that, we Extract All the paramater and path from our domain recon
Added New plugin to screenshot using gowitness
- Default argument -ss (default running: gowitness)
- You can choice another screenshot tools, like (-ss webscreeenshot)
Update & Added package on "/lib/bin"
Added Extract Interest URL Like Document extension (pdf,docx),Javascript,Interesting path & Files
Fixing and Added regex to parsing url and parameter
Change native subdomain take over to using subjack
Added to check cname (Subdomain > CNAME resolv > NXDOMAIN | Pattern matching )
1.1.7#dev
Update - Added New Plugin webanalyze
For using plugin apps-identifider/-ai , you can choice useing wappalyzer or webanalyze (default::wappalyzer)
example : ./sudomy -d bugcrowd.com -aI webanalyze
Added Clouder IP Checker (Just run with argument -cf or --dnsprobe -cf )
IP Resolve -> Cloudfare IP Checker
Added Plugin Websocket Check
Update
Added binary 3rd pkg to lib/bin for easy management/handling
Added New Plugin httpx
Detection urls, ports, title, content-length, status-code, response-body probbing.
Smart auto fallback from https to http as default.
Added New Plugin dnsprobe
Perform multiple dns queries of your choice with a list of user supplied resolvers
Remove the Plugin to new folder for easy fixing, update & path
[1.1.2] - 2020-02-15
Update
Data Collecting/Scraping open port from 3rd party (Default::Shodan), For right now just using Shodan [Future::Censys,Zoomeye]
So we do not perfom active scan, who collect the port ? Third-party sites (Shodan,Zoomeye,Censys) doing that and perfom active scan and then, we just collected the port from their result
More efficient and effective to collecting port from list ip on target [[ Subdomain > IP Resolver > Crawling > ASN & Open Port ]]. Here we can further narrow the targeting port for checking in port scanning
List ASN From IP List [running auto on db_port::ip_dbasn.txt]
[1.1.2] - 2020-02-15
Update
Added Identify technologies on websites from domain list
Fix Some Bug and Issues