Domained is a framework that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains that are passed to EyeWitness for reporting with categorized screenshots, server response headers and signature based default credential checking.

There are several tools included with this program that may cover the enumeration , reporting and wordlists. This will allow penetration tester to verify the target against different programs.

Subdomain Enumeration Tools:

1. Sublist3r by Ahmed Aboul-Ela
2. enumall by Jason Haddix
3. Knock by Gianni Amato
4. Subbrute by TheRook
5. massdns by B. Blechschmidt
6. Recon-ng by Tim Tomes (LaNMaSteR53)
7. Amass by Jeff Foley (caffix)
8. SubFinder by by Ice3man543

Reporting + Wordlists:

• EyeWitness by ChrisTruncer
• SecList (DNS Recon List) by Daniel Miessler
• LevelUp All.txt Subdomain List by Jason Haddix

Some usage examples:

Example 1: -d example.com
Uses subdomain example.com (Sublist3r (+subbrute), enumall, Knock, Amass, and SubFinder)

Example 2: -d example.com -b -p –vpn
Uses subdomain example.com with seclist subdomain list bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall, and SubFinder), adds ports 8443/8080 and checks if on VPN

Example 3: -d example.com -b –bruteall
Uses subdomain example.com with large-all.txt bruteforcing (massdns, subbrute, Sublist3r, Amass, enumall and SubFinder)

Example 4: -d example.com –quick
Uses subdomain example.com and only Amass and SubFinder

Example 5: -d example.com –quick –notify
Uses subdomain example.com, only Amass and SubFinder and notification

Example 6: -d example.com –noeyewitness
Uses subdomain example.com with no EyeWitness

You can read more and download this framework over here: https://github.com/TypeError/domained