domfind
domfind is a Python 3.6.x utility that tests for the existence of domain names under different Top Level Domains (TLDs). This is achieved by making a series of DNS requests for Start of Authority (SOA) records starting at the root servers and working down through the parent domains until the last parent replies with a SOA section or a NXDOMAIN response code indicating the nonexistence of the input domain name. Local or public DNS resolvers are purposefully not used in order to avoid cached records. It should be noted that the number of DNS queries performed grows linearly with the depth of the input domain and the number of TLDs to check for. For instance, sub1.sub2.domain.tld needs a total of three queries per TLD. The first one is directed at a root server, the second one goes to a NS server of domain.tld, and the third, final one to sub2.domain.tld. This utility is useful to find malicious subdomains registered under multiple TLDs that might be used for phishing campaigns. Malicious actors often use the same domain name for related or subsequent campaigns for hosting web servers, which can be proactively found with domfind as a one-off, if a domain name is known, and act
FEATURES
ALTERNATIVES
A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.
A collection of resources for practicing penetration testing
A collection of tips and tricks for container and container orchestration hacking
A Ruby framework designed to aid in the penetration testing of WordPress systems.
A front-end JavaScript toolkit for creating DNS rebinding attacks
Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NETs DLR.
SauronEye helps in identifying files containing sensitive data such as passwords through targeted directory searches.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.