SDomDiscover | A Easy-To-Use Python Tool To Perform DNS Recon

All in One Recon Tool

An easy-to-use python tool to perform dns recon, subdomain enumeration and much more

The purpouse of this tool is helping bug hunters and pentesters during reconnaissance

If you want to know more about the tool you can read my own post in my blog (written in spanish)

Installation:

It can be used in any system with python3

You can easily install AORT using pip:

pip3 install aort

If you want to install it from source:

git clone https://github.com/D3Ext/AORT cd AORT pip3 install -r requirements.txt

One-liner

git clone https://github.com/D3Ext/AORT && cd AORT && pip3 install -r requirements.txt && python3 AORT.py

Usage:

  • Common usages

If installed with pip3:

aort

To see the help panel and other parameters

python3 AORT.py -h

Main usage of the tool to dump the valid domains

python3 AORT.py -d example.com

Perform all the recon

python3 AORT.py -d domain.com --all

Features:

:ballot_box_with_check: Enumerate subdomains using passive techniques (like subfinder)

:ballot_box_with_check: A lot of extra queries to enumerate the DNS

:ballot_box_with_check: Domain Zone transfer attack

:ballot_box_with_check: WAF type detection

:ballot_box_with_check: Subdomain Takeover checker

:ballot_box_with_check: Scan common ports

:ballot_box_with_check: Check active subdomains (like httprobe)

:ballot_box_with_check: Wayback machine support to enumerate endpoints (like waybackurls)

:ballot_box_with_check: Email harvesting

Demo:

Simple query to find valid subdomains

Third part

The tool uses different services to get subdomains in different ways

The WAF detector was modified and addapted from CRLFSuite concept

All DNS queries are scripted in python at 100%

Email harvesting using Proxycrawl API with personal token (you can register a free account with 100 uses)

GitHub:

2 Likes