Domained – Multi Tool Subdomain Enumeration

Domained – Multi Tool Subdomain Enumeration

Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting.

This produces categorized screenshots, server response headers and signature based default credential checking. It is written in Python heavily leveraging Recon-ng.

Domains Subdomain Enumeration Tools Leveraged

Subdomain Enumeraton Tools:

  • Sublist3r
  • enumall
  • Knock
  • Subbrute
  • massdns
  • Recon-ng
  • Amass
  • SubFinder

Reporting + Wordlists:

  • EyeWitness
  • SecList (DNS Recon List)
  • LevelUp All.txt Subdomain List

Domained Subdomain Enumeration Tool Usage

--install/--upgrade Both do the same function – install all prerequisite tools
--vpn Check if you are on VPN (update with your provider)
--quick Use ONLY Amass and SubFinder
--bruteall Bruteforce with JHaddix All.txt List instead of SecList
--fresh Delete old data from output folder
--notify Send Pushover or Gmail Notifications
--active EyeWitness Active Scan
--noeyewitness No Eyewitness
-d The domain you want to preform recon on
-b Bruteforce with subbrute/massdns and SecList wordlist
-s n Only HTTPs domains
-p Add port 8080 for HTTP and 8443 for HTTPS

Subdomain Enumeration Examples

First Steps are to install required Python modules and tools:

sudo pip install -r ./ext/requirements.txt
sudo python --install

Example 1 – Uses subdomain (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)

python -d

Example 2: – Uses subdomain with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN

python -d -b -p --vpn

Example 3: – Uses subdomain with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)

python -d -b --bruteall

Example 4: – Uses subdomain and only Amass and SubFinder

python -d --quick

Example 5: – Uses subdomain, only Amass and SubFinder and notification

python -d --quick --notify

Example 6: – Uses subdomain with no EyeWitness

python -d --noeyewitness

Note: --bruteall must be used with the -b flag

You can download Domained here:

Or read more here.

Read the rest of Domained – Multi Tool Subdomain Enumeration now! Only available at Darknet.