Dry goods ｜ three sub domain name collection tools worth collecting

Preface

There are many tools and ways to collect subdomain names , But there are many tools that are not very easy to use , I think it's important to have several parameter values when blasting subdomains

One is whether there are complete ways for tools to collect subdomain names , Another is whether it will display title Information and response status code of subdomain name

title And the response status code can help us quickly identify what the website is about and whether it is accessible , Can improve us web The speed of dotting

Sort out several tools you often use :

• oneforall
• fofa_view
• Search engine

One 、 utilize an instrument

oneforall

The first recommendation is oneforall This tool , See the project address at the end of the text for details

Depend on the environment ：python3

tips： The directory where the tool is located cannot have a directory name with spaces , Otherwise, the file cannot be saved

1. Install dependencies first ：

pip install -r requirements.txt

2. Profile Settings （ Individual be fond of , It's not necessary ）

（1） open \OneForAll-master\config\setting.py, take result_export_alive = False Change it to True, Non surviving subdomains are not saved

（2） open \OneForAll-master\config\default.py, to small_ports Add scanned port small_ports = [80, 443, 8000, 8080, 8001, 8090, 7001, 8443]

3. Common usage

（1） Blasting target subdomain , And save for CSV file

oneforall.py --target jd.com  --fmt csv run

The results are stored in \OneForAll-master\results\jd.csv in

Open the result file , But there are a lot of things , More chaotic , We can focus on the following fields of Frame Columns , Others can be deleted

Two 、 Using search engines

fofa_view

Will be fofa Made a graphical tool , Then introduce the fofa Of api Interface . Better than in a browser . See the project address at the end of the text for details

We download jdk file

1. To configure fofa api, No, fofa Members' words don't work

open config.properties To configure email and key value （ Sign in fofa Click the avatar personal Center —— The personal data —— Copy contact email and api key）

2. newly build fafa.bat file

Fill in ：java -jar fofaviewer.jar

3. double-click bat File to start the fofa_view

And in the browser fofa The grammar is the same , Such as searching sub domain name

google grammar

Recommended google Search engine

1. Search subdomain , exclude www Main domain

site:jd.com -www

After the collection of these three tools , The subdomain is very different ！

Reference material

[7]OneForAll:https://github.com/shmilylty/OneForAll

[8]fofa_viewer:https://github.com/wgpsec/fofa_viewer/releases