AutoSubRecon is a bash script designed to automate the subdomain enumeration process, providing both passive and active enumeration options. It leverages various tools to gather subdomains and filter out the results for further analysis.
bash autosubrecon.sh <target>
- Passive Gathering: AutoSubRecon retrieves subdomains using multiple sources, including crt.sh, RapidDNS, AlienVault, HackerTarget, URLScan, Jldc, Google, and Bing.
- Subfinder: The script runs the subfinder tool to fetch additional subdomains.
- DNS Brute Forcing: AutoSubRecon utilizes puredns to perform DNS brute-forcing for subdomain discovery.
- Permutations: The tool generates permutations using gotator to uncover potential subdomains.
- Resolving Permutations: AutoSubRecon resolves the generated permutations using puredns.
- SSL/TLS Probing: The script employs cero for SSL/TLS probing to discover subdomains.
- Crawling: AutoSubRecon utilizes gospider to crawl JavaScript files and extract potential subdomains.
- Output Cleaning: The script cleans the output and fetches domains using unfurl.
- Resolving Output Subdomains: AutoSubRecon resolves the obtained subdomains using puredns.
- Subdomain Filtering: AutoSubRecon removes duplicate subdomains and saves the filtered results in filtered_subs.txt.
- Host Discovery: The script utilizes httpx to fetch corresponding hosts for the filtered subdomains, saving the results in filtered_hosts.txt.
To run AutoSubRecon, follow these steps:
- Install the required tools mentioned above.
- Clone the Wordlists repository.
- Create a file named inscope.txt in the subs/ directory and add your target domains.
By following these instructions, you can automate the subdomain enumeration process using AutoSubRecon and efficiently discover potential subdomains for your target domains.