💰subfear.sh

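# subfear, paste-able variant: passive and active subdomain enumeration for one
# domain, followed by HTTP probing. Intermediate files are written to the
# current directory; merged results go to "$output_dir".
#
# API credentials are read from the environment (VT_API_KEY, GITHUB_TOKEN)
# instead of being embedded in the command. A key that has appeared in a
# published copy of a script is exposed and should be revoked and reissued.
domain=taxify.eu
export output_dir="subdomains_output"
# ${output_dir:?} aborts the rm if the variable is ever empty.
rm -rf -- "${output_dir:?}" && mkdir -p -- "$output_dir"

figlet -f slant -c "Start Hacking" | lolcat \
  && figlet -f digital -c "Hack to Learn" | lolcat \
  && figlet -f mini -c "Sub Fear" | lolcat

# --- Passive sources: one output file per source ---
figlet -f small -c "Passive: Subfinder" | lolcat
subfinder -d "$domain" -all -recursive -t 200 -o subfinder.txt

figlet -f small -c "Passive: Assetfinder" | lolcat
assetfinder --subs-only "$domain" | tee assetfinder.txt

figlet -f small -c "Passive: Findomain" | lolcat
findomain --quiet -t "$domain" -u findomain.txt

figlet -f small -c "Passive: Web Archive" | lolcat
# Reduce each archived URL to its bare host name.
curl -s "https://web.archive.org/cdx/search/cdx?url=*.$domain&fl=original&collapse=urlkey" \
  | sed -E 's_https?://__' | awk -F/ '{print $1}' | sed -E 's/:.*//' | sed 's/^www\.//' \
  | sort -u | tee wayback.txt

figlet -f small -c "Passive: crt.sh" | lolcat
curl -s "https://crt.sh/?q=%25.$domain&output=json" \
  | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | tee crt.txt

figlet -f small -c "Passive: Virustotal" | lolcat
# An explicit if/else replaces "a && b || c": the skip message is printed only
# when the key is really missing, not whenever a pipeline stage fails.
if [[ -n "${VT_API_KEY:-}" ]]; then
  # curl reads the URL from stdin (-K -) so the API key does not appear in the
  # process argument list.
  # The grep pattern keeps every hostname-looking string in the response, so
  # names outside $domain can end up in virustotal.txt.
  curl -s -K - <<<"url = \"https://www.virustotal.com/vtapi/v2/domain/report?apikey=${VT_API_KEY}&domain=${domain}\"" \
    | grep -oE '[a-zA-Z0-9.-]+\.[a-z]{2,}' | sort -u | tee virustotal.txt
else
  echo "VT API key not set, skipping VT" | lolcat
fi

figlet -f small -c "Passive: GitHub" | lolcat
if [[ -n "${GITHUB_TOKEN:-}" ]]; then
  # The token is passed to github-subdomains through the environment.
  export GITHUB_TOKEN
  github-subdomains -d "$domain" -o github-subdomains.txt
else
  echo "GITHUB_TOKEN not set, skipping github-subdomains" | lolcat
fi

figlet -f small -c "Passive: Amass" | lolcat
amass enum -d "$domain" -o domains-amass.txt -timeout 12 -v || true
# Keep only the first whitespace-delimited field of each amass output line.
grep -oP '^\S+' domains-amass.txt 2>/dev/null | sort -u > amass.txt || true

figlet -f small -c "Sorting Passive Subdomains" | lolcat
# Strip scheme and port first, then de-duplicate, so that entries differing
# only by scheme or port collapse to a single line. The output path belongs on
# the same command line as tee; split across lines, tee receives no file name.
cat amass.txt github-subdomains.txt crt.txt wayback.txt virustotal.txt \
    assetfinder.txt subfinder.txt findomain.txt 2>/dev/null \
  | sed -E 's#https?://##; s/:([0-9]+)//' | sort -u \
  | tee "$output_dir/passive-subs.txt"

# --- Active sources ---
figlet -f small -c "Active: Knockpy" | lolcat
knockpy -d "$domain" --recon --bruteforce \
  | grep -oP 'https?://[a-zA-Z0-9._-]+(:[0-9]+)?' \
  | sed -E 's_https?://__' | sed -E 's/:([0-9]+)//' | sort -u | tee knockpy.txt || true

figlet -f small -c "Active: Alterx + DNSX" | lolcat
# Falls back to the bare domain when subfinder.txt is missing.
(cat subfinder.txt 2>/dev/null || echo "$domain") | alterx | tee dnsx-subs.txt
echo "$domain" | alterx | tee -a dnsx-subs.txt
echo "$domain" | alterx -enrich | tee -a dnsx-subs.txt
echo "$domain" | alterx -pp word=/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
  | tee -a dnsx-subs.txt

figlet -f small -c "Active: dnsx resolve" | lolcat
# resolvers.txt and trusted.txt are read from the current directory.
puredns resolve dnsx-subs.txt --threads 250 --resolvers resolvers.txt \
  --resolvers-trusted trusted.txt --rate-limit 1000 | tee alterx.txt || true

figlet -f small -c "Active: Puredns Services-Names-Wordlist" | lolcat
puredns bruteforce services-names.txt "$domain" \
  | grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | sort -u | tee services-puredns.txt || true

figlet -f small -c "Sorting Active Subdomains" | lolcat
cat services-puredns.txt knockpy.txt alterx.txt 2>/dev/null \
  | sed -E 's#https?://##; s/:([0-9]+)//' | sort -u \
  | tee "$output_dir/active-subs.txt"

# --- Merge and probe ---
figlet -f small -c "Merging Active Passive Subdomains" | lolcat
cat "$output_dir/active-subs.txt" "$output_dir/passive-subs.txt" 2>/dev/null \
  | sort -u | tee "$output_dir/subdomains.txt"

figlet -f small -c "Probing Live Subs" | lolcat
cat "$output_dir/subdomains.txt" \
  | httpx-toolkit -ports 80,443,8080,8000,8888,8881,8889 -threads 200 \
  | sort -u | tee "$output_dir/livesubdomains.txt"
# Drop ":port" suffixes from the probe results in place.
sed -i 's/:[0-9]\+//g' "$output_dir/livesubdomains.txt" || true

figlet -f small -c "Status 200 Subs" | lolcat
cat "$output_dir/livesubdomains.txt" | httpx -mc 200 | tee "$output_dir/200_livesubdomains.txt"
echo -e "\nLive Subdomains Count: $(wc -l < "$output_dir/livesubdomains.txt")" | lolcat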
#!/bin/bash

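figlet -f slant -c "Start Hacking" | lolcat \
  && figlet -f digital -c "Hack to Learn" | lolcat \
  && figlet -f mini -c "Sub Fear" | lolcat

# Step 1: Accept the domain name from the user
figlet -f small -c "Enter Domain" | lolcat
echo -e "\033[1;34mEnter the domain name:\033[0m"
# -r keeps backslashes in the input literal.
read -r domain
# The value is interpolated into request URLs, tool arguments and grep patterns
# further down, so accept only a plain host name: dot-separated labels made of
# letters, digits and hyphens.
if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]]; then
  echo "Invalid domain name: $domain" >&2
  exit 1
fi

# Step 2: Prepare directories
figlet -f small -c "Setting Up Output Dir" | lolcat
output_dir="subdomains_output"
# -f: no error on the first run, when the directory does not exist yet.
# ${output_dir:?} aborts the rm if the variable is ever empty.
rm -rf -- "${output_dir:?}"
mkdir -p -- "$output_dir"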

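# Step 3: Start Passive Enum
# Each source writes its own file in the current directory; step 4 merges them.
# "$domain" is quoted throughout so the value always reaches a tool as a single
# argument.
figlet -f small -c "Passive: Subfinder" | lolcat && subfinder -d "$domain" -all -recursive -t 200 -o subfinder.txt

figlet -f small -c "Passive: Assetfinder" | lolcat
assetfinder --subs-only "$domain" | tee assetfinder.txt

figlet -f small -c "Passive: Findomain" | lolcat
findomain --quiet -t "$domain" -u findomain.txt

figlet -f small -c "Passive: Web Archive" | lolcat
# Fetched over HTTPS; each archived URL is reduced to its bare host name.
curl -s "https://web.archive.org/cdx/search/cdx?url=*.$domain/*&output=text&fl=original&collapse=urlkey" \
  | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' \
  | sort -u | tee wayback.txt

figlet -f small -c "Passive: crt.sh" | lolcat
curl -s "https://crt.sh/?q=%25.$domain&output=json" \
  | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | tee crt.txt

# API credentials are read from the environment (VT_API_KEY, GITHUB_TOKEN)
# instead of being embedded in the script. A key that has appeared in a
# published copy of a script is exposed and should be revoked and reissued.
figlet -f small -c "Passive: Virustotal" | lolcat
if [[ -n "${VT_API_KEY:-}" ]]; then
  # curl reads the URL from stdin (-K -) so the API key does not appear in the
  # process argument list.
  # The grep pattern keeps every hostname-looking string in the response, so
  # names outside $domain can end up in virustotal.txt.
  curl -s -K - <<<"url = \"https://www.virustotal.com/vtapi/v2/domain/report?apikey=${VT_API_KEY}&domain=${domain}\"" \
    | grep -oE '[a-zA-Z0-9.-]+\.[a-z]{2,}' | sort -u | tee virustotal.txt
else
  echo "VT API key not set, skipping VT" | lolcat
  # Leave an empty file so the merge in step 4 still finds every input.
  : > virustotal.txt
fi

figlet -f small -c "Passive: GitHub" | lolcat
if [[ -n "${GITHUB_TOKEN:-}" ]]; then
  # The token is passed to github-subdomains through the environment.
  export GITHUB_TOKEN
  github-subdomains -d "$domain" -o github-subdomains.txt
else
  echo "GITHUB_TOKEN not set, skipping github-subdomains" | lolcat
  : > github-subdomains.txt
fi

# Step 4: Sorting Passive Subdomains
figlet -f small -c "Sorting Passive Subdomains" | lolcat
# Strip scheme and port first, then de-duplicate, so that entries differing
# only by scheme or port collapse to a single line.
cat github-subdomains.txt crt.txt wayback.txt virustotal.txt assetfinder.txt subfinder.txt findomain.txt \
  | sed -E 's#https?://##; s/:([0-9]+)//' | sort -u \
  | tee "$output_dir/passive-subs.txt"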

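# Step 5: Start Active/Brute Enum
# "$domain" is quoted throughout so the value always reaches a tool as a single
# argument.
figlet -f small -c "Active: Knockpy" | lolcat
knockpy -d "$domain" --recon --bruteforce \
  | grep -oP 'https?://[a-zA-Z0-9.-]+(:[0-9]+)?' | tee knockpy.txt

figlet -f small -c "Active: Alterx + DNSX with Multiple Variations" | lolcat
# The first alterx run truncates dnsx-subs.txt; the following runs append to it.
cat subfinder.txt | alterx | tee dnsx-subs.txt
echo "$domain" | alterx | tee -a dnsx-subs.txt
echo "$domain" | alterx -enrich | tee -a dnsx-subs.txt
echo "$domain" | alterx -pp word=/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
  | tee -a dnsx-subs.txt && wc -l < dnsx-subs.txt

figlet -f small -c "Active: dnsx-subs Resolve" | lolcat
# resolvers.txt and trusted.txt are read from the current directory.
puredns resolve dnsx-subs.txt --threads 250 --resolvers resolvers.txt \
  --resolvers-trusted trusted.txt --rate-limit 1000 | tee alterx.txt

figlet -f small -c "Active: Puredns Services-Names-Wordlist" | lolcat
# services-names.txt is read from the current directory.
puredns bruteforce services-names.txt "$domain" \
  | grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | tee services-puredns.txt

# Step 6: Sorting Active Subdomains
figlet -f small -c "Sorting Active Subdomains" | lolcat
# Strip scheme and port first, then de-duplicate, so that entries differing
# only by scheme or port collapse to a single line.
cat services-puredns.txt knockpy.txt alterx.txt \
  | sed -E 's#https?://##; s/:([0-9]+)//' | sort -u \
  | tee "$output_dir/active-subs.txt"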

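# Step 7: Start IP Enum
# (The banner text below is the same string as the one used in step 6.)
figlet -f small -c "Sorting Active Subdomains" | lolcat
# Start from an empty file: both searches append with tee -a, so IPs left over
# from an earlier, interrupted run would otherwise be carried into this one.
: > all-ip.txt
# The Shodan key is read from the environment (SHODAN_API_KEY) instead of being
# embedded in the script. A key that has appeared in a published copy of a
# script is exposed and should be revoked and reissued.
if [[ -n "${SHODAN_API_KEY:-}" ]]; then
  # One init is enough for both searches.
  if shodan init "$SHODAN_API_KEY"; then
    shodan search hostname:"$domain" 200 --fields ip_str --limit 1000 | tee -a all-ip.txt
    shodan search ssl.cert.subject.CN:"$domain" --fields ip_str --limit 1000 | tee -a all-ip.txt
  fi
else
  echo "SHODAN_API_KEY not set, skipping Shodan" | lolcat
fi
sort -u all-ip.txt | tee "$output_dir/ip.txt"
wc -l < "$output_dir/ip.txt"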

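# Step 7: Merging Active Passive Subdomains
figlet -f small -c "Merging Active Passive Subdomains" | lolcat
cat "$output_dir/active-subs.txt" "$output_dir/passive-subs.txt" | sort -u | tee "$output_dir/subdomains.txt"

# Step 8: Probing Live Subs
figlet -f small -c "Probing Live Subs" | lolcat
# grep -F treats the domain as a literal string (an unquoted pattern would make
# every "." match any character) and "--" stops option parsing. This is still a
# substring match, so a host that merely contains the domain text also passes.
cat "$output_dir/subdomains.txt" | httpx -threads 200 | grep -F -- "$domain" | tee "$output_dir/livesubdomains.txt"
# The entries of ip.txt are probed as-is: unlike the host names above, they are
# not filtered by $domain before being appended to the live list.
cat "$output_dir/ip.txt" | httpx -threads 200 | tee -a "$output_dir/livesubdomains.txt"
wc -l < "$output_dir/livesubdomains.txt"

# Step 9: Status 200
figlet -f small -c "Status 200 Subs" | lolcat
# Keep only the live hosts that answer with HTTP status 200.
cat "$output_dir/livesubdomains.txt" | httpx -mc 200 | tee "$output_dir/200_livesubdomains.txt"
wc -l < "$output_dir/200_livesubdomains.txt"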

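# Clean intermediate files from the current directory.
figlet -f small -c "Cleanup" | lolcat
# -f: several of these names (puredns.txt, amass.txt, raw-amass.txt,
# domains-amass.txt, subdomains.txt) are not written by the steps in this
# listing, and a plain rm reports an error for each missing file.
rm -f -- all-ip.txt alterx.txt services-puredns.txt knockpy.txt dnsx-subs.txt \
  wayback.txt virustotal.txt github-subdomains.txt puredns.txt crt.txt \
  assetfinder.txt subfinder.txt findomain.txt amass.txt raw-amass.txt \
  domains-amass.txt subdomains.txt

figlet -f slant -c "Subdomains Gathering All Tasks Done!" | lolcat
figlet -f slant -c "Start Endpoints Gathering" | lolcat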

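# Endpoint gathering: collect URLs from the web archive, gau and katana, then
# merge them. Lines in these files come from third-party archives and crawled
# pages and should be handled as untrusted text by anything that consumes them.
figlet -f small -c "Run Waybackurls" | lolcat
# Download the raw URL list, drop static-asset extensions, and strip the
# :80/:443/:8443/:8080 port suffixes.
wget -O data.txt "https://web.archive.org/cdx/search/cdx?url=*.$domain/*&output=text&fl=original&collapse=urlkey&from=" \
  && grep -Evi '\.(css|js|jpe?g|png|gif|webm|avi|dll|pl|c|py|sh|deb|exe|zip|mp4|mp3|mpeg|mpg|flv|wmv|wma|aac|m4a|ogg|bat|dat|cfg|bin|tiff?|csv|ttf|pptx?|ppsx|docx?|xlsx?|eot|xml|mpp|mdb|json|woff2?|svg|txt|jar|pdf|ico|0|1|2|3|4|m4r|kml|pro|yao|cur|gcn3|egy|par|lin|yht)([/?#\.].*|$)' data.txt \
  | sed -E 's/:80([/?#]|$)/\1/g; s/:443([/?#]|$)/\1/g; s/:8443([/?#]|$)/\1/g; s/:8080([/?#]|$)/\1/g' \
  | tee "$output_dir/wayback.txt"

figlet -f small -c "Run Gau" | lolcat
cat "$output_dir/livesubdomains.txt" | gau --threads 100 | tee "$output_dir/gau.txt"

figlet -f small -c "Run Katana" | lolcat
katana -u "$output_dir/livesubdomains.txt" -d 5 -jc -fx -aff -ef woff,js,css,png,svg,jpg,woff2,jpeg,gif,svg -o "$output_dir/katana.txt"

figlet -f small -c "Merge All URLS" | lolcat
# grep -F treats the domain as a literal string (an unquoted pattern would make
# every "." match any character) and "--" stops option parsing. This is a
# substring match on the whole URL, so a URL on another host that only mentions
# the domain in its path or query string is kept as well.
cat "$output_dir/wayback.txt" "$output_dir/gau.txt" "$output_dir/katana.txt" \
  | grep -F -- "$domain" | sort -u | uro | tee "$output_dir/endpoints.txt"

# URLs that carry at least one "=" (query parameters) are written to param.txt
# and passed through urless.
grep '=' "$output_dir/endpoints.txt" | sort -u > param.txt
urless -i param.txt -o "$output_dir/xss-ready.txt"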


# Close the endpoint phase and open the information-gathering phase.
for banner in "Endpoints Gathering All Tasks Done!" "Start information Gathering"; do
  figlet -f slant -c "$banner" | lolcat
done

# Both nuclei runs take the live-host list produced by the probing step.
live_hosts="$output_dir/livesubdomains.txt"

# Run 1: templates from a local directory; the path is fixed to one user's home.
cat "$live_hosts" \
  | nuclei -t /home/kali/nucli/api/ -o "$output_dir/api-targets.txt"

# Run 2: templates selected by tag and severity, 30 concurrent templates.
nuclei -l "$live_hosts" \
  --tags panel,tech,osint \
  --s info,low,high,critical,medium \
  -es unknown \
  -c 30 \
  -o "$output_dir/info-targets.txt"

figlet -f slant -c "information Gathering All Tasks Done!" | lolcat
