Sudomy – Subdomain Enumeration & Analysis Tool

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way.

Sudomy is using cURL library in order to get the HTTP Response Body from third-party sites to then execute the regular expression to get subdomains. This process fully leverages multi processors, more subdomains will be collected with less time consumption.

Sudomy -  Subdomain Enumeration & Analysis Tool
Sudomy – Subdomain Enumeration & Analysis Tool

For recent time, Sudomy has the following features:

  • Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions. By using bash script multiprocessing feature, all processors will be utilized optimally.
  • Subdomain enumeration process can be achieved by using active method or passive method
  • Active mode – utilize Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contains around 3 million entries
  • Passive mode – By selecting the third-party sites, the enumeration process can be optimized. More results will be obtained with less time required.
  • Test the list of collected subdomains and probe for working http or https servers.
  • Subdomain availability test based on Ping Sweep and/or by getting HTTP status code.
  • The ability to detect virtualhost (several subdomains which resolve to single IP Address). Sudomy will resolve the collected subdomains to IP addresses, then classify them if several subdomains resolve to single IP address. This feature will be very useful for the next penetration testing/bug bounty process. For instance, in port scanning, single IP address won’t be scanned repeatedly
  • Performed port scanning from collected subdomains/virtualhosts IP Addresses
  • Testing Subdomain TakeOver attack
  • Taking Screenshotsof subdomains
  • Identify technologies on website
  • Report output in HTML or CSV format

You can read more and download this tool over here: https://github.com/Screetsec/Sudomy

Share
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments