Hey Folks, today we are back with interesting tools for bug bounty hunters and usually every bug bounty hunters are looking for a tool that can helps to find bugs and give reward them in few seconds and the tool we’re going to talk about, he is completely right according to the requirements. Basically the tools first find the subdomain and then find the subdomain which shows “404” error from those list. Looks good so let’s test it.
Let’s test it 🙂 !!
Installation
You must have “python3” and “pip” dependencies already installed in your system in order to install this tool. Let’s go ahead and first download this github project via git clone command, go to the directory of this tool and execute python command.
|
1 2 3 |
git clone https://github.com/m8r0wn/subscraper cd subscraper python3 setup.py install |
Good 🙂 !! There are still a few more dependencies left which we will download via the pip command.
|
1 |
pip install -r requirements.txt |
Done 🙂 !! Now we can boot this tool by executing the following command.
|
1 |
subscraper -h |
Dump Subdomain
Let’s take an example and try to get all the subdomains associated with this domain. So all you have to do is give any domain name here and it will identify all the subdomains.
|
1 |
subscraper vulnweb.com |
Hmm 🙂 !! As you can see we don’t need to give any extra parameter to save the results as it does all the things itself.
Custom Wordlist
If you want to use own wordlist than can give path by using “-w” param.
|
1 |
subscraper vulnweb.com -w /usr/share/wordlists/dirb/common.txt |
Active Subdomain
There are three options are available but all these options are available for different purposes so we will choose the second option to grab the live subdomain.
|
1 |
subscraper -e 2 vulnweb.com |
Subdomain Takeover
Now it’s main feature of this tool that become it different from other tool. So whenever we get a “404” response on a subdomain it may be possible that the pointing service is down or the owner has stopped to pick up the service that is pointing at the subdomain, but with the help of other tools we need to do more effort to find the subdomain which is giving “404” error and for that we open each domain one by one but it gives us results along with HTTP response so that it easier to find subdomain vulnerabilities in any web application. All we have to do is pick up the path of the result and append with the command and execute it and the final results will be displayed on the terminal.
|
1 |
subscraper --takeover subscraper_report.txt |
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
