assetfinder is a Go-based tool used to find related domains and subdomains that may be related to a given domain from various sources (including Facebook, ThreatCrowd, Virustotal, etc.).
Assetfinder uses a variety of sources, including sources in information security spaces and social networks that can provide relevant information:
- document
- Authenticator
- Hacker target
- Threatening the crowd
- Return to the machine
- dns.bufferover.run
- Facebook- Need to set FB_APP_ID and FB_APP_SECRET environment variables (https://ift.tt/I37asW), you need to pay attention to the rate limit of the application
- Total number of viruses – Need VT_API_KEY environment variable set (https://ift.tt/2miUJsw)
- Find subdomains – Need to set the SPYSE_API_TOKEN environment variable (the free version always gives the first response page, you will also get “25 unlimited requests”)-(https://ift.tt/3FFkeI6)
Source to be implemented:
- https://ift.tt/3pBA0Om
- https://ift.tt/3HmjXKo (?)
- https://riddler.io/
- http://www.dnsdb.org/
- https://ift.tt/3eP9JpX
Use the asset finder to find related domains and subdomains
The usage is very simple, basically there is only one option to limit the search to only subdomains-by default it will scan all associated domains and subdomains.
Asset Finder [–subs-only] <�域>
|
Asset Finder [–subs–only] <field> |
Install assetfinder to find related domains and subdomains
If you have installed and configured Go (i.e. use $GOPATH/bin At your $PATH):
Go to -u github.com/tomnomnom/assetfinder
|
go with get ——you github.and/Psychic/Asset Finder |
Another similar latest tool uses many of these sources, and one that is also worth checking out is the OWASP Amass project-DNS enumeration, attack surface mapping, and external asset discovery.
You can download the asset finder here:
source: Asset Finder-master.zip
Linux: assetfinder-linux-386-0.1.1.tgz
Windows: assetfinder-windows-386-0.1.1.zip
Or read more here.
