Hey Folks, today we are back with interesting tools for bug bounty hunters and usually every bug bounty hunters are looking for a tool that can helps to find bugs and give reward them in few seconds and the tool we’re going to talk about, he is completely right according to the requirements. Basically the tools first find the subdomain and then find the subdomain which shows “404” error from those list. Looks good so let’s test it.
Let’s test it 🙂 !!
You must have “python3” and “pip” dependencies already installed in your system in order to install this tool. Let’s go ahead and first download this github project via git clone command, go to the directory of this tool and execute python command.
git clone https://github.com/m8r0wn/subscraper
cd subscraper
python3 setup.py installGood 🙂 !! There are still a few more dependencies left which we will download via the pip command.
pip install -r requirements.txtDone 🙂 !! Now we can boot this tool by executing the following command.
subscraper -hLet’s take an example and try to get all the subdomains associated with this domain. So all you have to do is give any domain name here and it will identify all the subdomains.
subscraper vulnweb.comHmm 🙂 !! As you can see we don’t need to give any extra parameter to save the results as it does all the things itself.
If you want to use own wordlist than can give path by using “-w” param.
subscraper vulnweb.com -w /usr/share/wordlists/dirb/common.txtThere are three options are available but all these options are available for different purposes so we will choose the second option to grab the live subdomain.
subscraper -e 2 vulnweb.comNow it’s main feature of this tool that become it different from other tool. So whenever we get a “404” response on a subdomain it may be possible that the pointing service is down or the owner has stopped to pick up the service that is pointing at the subdomain, but with the help of other tools we need to do more effort to find the subdomain which is giving “404” error and for that we open each domain one by one but it gives us results along with HTTP response so that it easier to find subdomain vulnerabilities in any web application. All we have to do is pick up the path of the result and append with the command and execute it and the final results will be displayed on the terminal.
subscraper --takeover subscraper_report.txtA keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
Hey Folks :) !! In this article, we present the "Termux Cheat Sheet for Hackers"…
Amid the rapid advancement of technology, the significance of human involvement in cybersecurity frequently goes…
Hey Folks, we are back today after such a long break, but don't worry we…
The security of your API should be one of the top priorities of companies. Without…
Hey Folks, In today's business world, it is essential to have an online presence. However,…
Hey Folks, Is your business prepared in case of a cyber attack? Many companies don't…
This website uses cookies.