一、工具背景
Dome是一款开源子域名搜索工具。使用python开发,可进行主动或被动扫描以获取子域并搜索开放端口。
下载地址:https://github.com/v4d1/Dome.git
二、工具使用语法
快速开始
python dome.py -m passive -d domain
工具语法:
命令参数 | 简述 | 例子 |
---|---|---|
-m, --mode | Scan mode. Valid options: active or passive | active |
-d, --domain | Domains name to enumerate subdomains (Separated by commas) | hackerone.com,facebook.com |
-w, --wordlist | Wordlist containing subdomain prefix to bruteforce | subdomains-5000.txt |
-i, --ip | When a subdomain is found, show its ip | |
--no-passive | Do not use OSINT techniques to obtain valid subdomains | |
-nb, --no-bruteforce | Dont make pure bruteforce up to 3 letters | |
-p, --ports | Scan the subdomains found against specific tcp ports | 80,443,8080 |
--top-100-ports | Scan the top 100 ports of the subdomain (Not compatible with -p option) | |
--top-1000-ports | Scan the top 1000 ports of the subdomain (Not compatible with -p option) | |
--top-web-ports | Scan the top web ports of the subdomain (Not compatible with -p option) | |
-s, --silent | Silent mode. No output in terminal | |
--no-color | Dont print colored output | |
-t, --threads | Number of threads to use (Default: 25) | 20 |
-o, --output | Save the results to txt, json and html files | |
--max-response-size | Maximun length for HTTP response (Default:5000000 (5MB)) | 1000000 |
--r, --resolvers | Textfile with DNS resolvers to use. One per line | resolvers.txt |
-h, --help | Help command | |
--version | Show dome version and exit | |
-v, --verbose | Show more information during execution |