09/09/2022 - Miniseries - Subdomain Enumeration Part 2

Today we will take a closer look at the OneForAll tool.

09/09/2022 - Miniseries - Subdomain Enumeration Part 2


This post is aimed more at beginners who want to get into the topic. I will write it a bit simpler and not highlight the "How does it work exactly?", but rather how to get to the goal on a simple level. I will not address payment software. Next are 3 tools that I can recommend without reservation. All of them have their right to exist and you should not consider them in competition - rather as additional validation. Please keep in mind that I only show an excerpt of how you can use the tools. This does not mean that there are not other or additional possibilities. If you missed part 1, click here.

I am using a Kali VM with 4 cores and 4GB RAM as a test environment. Kali is up to date.


OneForAll

How do I get the software?

english version: README.md


git clone https://github.com/shmilylty/OneForAll
cd OneForAll
python3 -m pip install -U pip setuptools wheel
pip3 install -r requirements.txt

install oneforall

cd /OneForAll
python3 oneforall.py --target example.com run

how to use oneforall


The results are saved under /results as a .csv file. The advantage here is that Baidu is also used as a search engine, among other things. Since the search engines like to ban you for some time, it is recommended to use a VPN here and switch between different countries/nodes. I would perform the scan at least 2x.

See you in the next part.


Troubleshooting

install python3:

sudo apt install python3

install pip3

sudo apt install python3-pip