assetfinder
assetfinder is a command-line tool designed to find domains and subdomains associated with a specific domain. It uses multiple data sources to expand coverage and increase result accuracy.
Description
assetfinder helps security researchers and IT professionals discover and understand how the domains and sub-domains of a given organization are distributed. The tool aims to identify possible security flaws and vulnerabilities by revealing associated domains and subdomains.
It leverages various public data sources including crt.sh, certspotter, hackertarget, threatcrowd, Wayback Machine, dns.bufferover.run, Facebook Graph API, Virustotal, and findsubdomains. This multi-source approach provides comprehensive coverage for reconnaissance tasks.
Use cases include initial reconnaissance phases of penetration testing, mapping attack surfaces, and asset discovery for vulnerability assessments.
How It Works
assetfinder queries multiple passive data sources such as crt.sh, certspotter, hackertarget, threatcrowd, Wayback Machine, dns.bufferover.run, Facebook Graph API, Virustotal, and findsubdomains to collect domains and subdomains linked to a target domain. It aggregates and processes results from these APIs and services to compile a list of associated assets without direct interaction with the target infrastructure.
Installation
sudo apt install assetfinderFlags
Examples
assetfinder example.comassetfinder -subs-only example.comassetfinder google.comassetfinder -subs-only tesla.comassetfinder facebook.comassetfinder -subs-only microsoft.com