A python script that automates my discovery process and recon workflow for given target domains/assets, by utilizing open-source tools used for web application testing.
- Utilizes "Amass" in enum mode to collect subdomains under given domains.
- Utilizes an open-source tool by gwen001 to perform GitHub-dorking with a GitHub access token to collect more subdomains.
- Utilizes "Aquatone" to perform visual sorting of discovered end-points to seperate unique web applications from duplicate ones.
- Utilizes "Subdomainizer" to scan responses and JS files for potentially sensitive information.
- Clone "Huntsman" from Github:
git clone https://github.com/Import3r/Huntsman.git
- Change directory to "Huntsman":
cd Huntsman
- Install needed packages from apt_packages.txt:
xargs -r -a apt_packages.txt sudo apt-get install -y
- Run "Huntsman":
python3 main.py
Note: running "Huntsman" for the first time may trigger the installer prompt for missing tools.