Ahmed.Attia

Offensive Security Certified Professional / OSCP | Module 5 - Sub_finder.sh

Scripting Exercise: sub-domains enumeration. Offensive Security Certified Professional (OSCP) video series by Ahmed: https://www.linkedin.com/in/limbo0x01/ h...
Video 16: Scripting Exercise
----
To get the HTML source of the site:

wget "www.megacorpone.com"
less index.html
# Take the host part of every href, keep the "mega" hosts, drop www, and de-duplicate.
grep "href=" index.html | cut -d ":" -f 2 | cut -d "/" -f 3 | grep "mega" | cut -d '"' -f 1 | grep -v "www.megacorpone.com" | sort -u >> sub.txt

Create a script to find out which subdomains are up (this first version only prints each entry):
nano subfinder.sh
#!/bin/bash
for sub in $(cat sub.txt)
do
    echo "$sub"
done

chmod +x subfinder.sh
./subfinder.sh
------------------
nano subfinder.sh
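#!/bin/bash
# Usage: ./subfinder.sh <domain>
if [ $# -eq 0 ]
then
    echo "How to use : ./subfinder.sh <domain>"
    echo "Ex: ./subfinder.sh www.megacorpone.com"
else
    # Fetch the page, then pull the host part out of every href.
    wget -q -O index.html "$1" && grep "href=" index.html | cut -d ":" -f 2 | cut -d "/" -f 3 | grep "mega" | cut -d '"' -f 1 | grep -vF "$1" | sort -u > sub.txt

    # Ping each candidate once and use ping's exit status, not its output.
    # A host that drops ICMP is reported as Error even if its services are up.
    for sub in $(cat sub.txt)
    do
        if ping -c 1 "$sub" > /dev/null 2>&1
        then
            echo "$sub +++++++pong"
            echo "$sub" >> valid_sub.txt
        else
            echo "$sub-------Error"
        fi
    done
    # Resolve each live subdomain and record its IPv4 address.
    for ip in $(cat valid_sub.txt)
    do
        host "$ip" | grep "has address" | cut -d " " -f 4 | sort -u >> ips.txt
    done
    echo "DONE ......"
fi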
mkdir Final_test
cp subfinder.sh Final_test/
cd Final_test/
./subfinder.sh www.megacorpone.com
------------------------
./subfinder.sh

To get the IP address of a subdomain:

host support.megacorpone.com | cut -d " " -f 4
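
The href-extraction step above depends on the exact position of ":" and "/" in each link and on the substring "mega". The following is an added example, not part of the original notes or video: it goes slightly beyond the page by taking the base domain as a parameter, reading src as well as href URLs, and keeping only hosts that actually end in that domain. The function name, the sample page and every hostname in it other than www and support are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original notes): extract in-scope subdomains
# from saved HTML. Reads HTML on stdin; $1 is the base domain.
extract_subdomains() {
    # Escape the dots so "megacorpone.com" is matched literally.
    _base_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -oiE 'https?://[a-z0-9.-]+' |      # scheme + host of every absolute URL
        tr '[:upper:]' '[:lower:]' |        # hostnames are case-insensitive
        sed -E 's#^https?://##' |           # drop the scheme, leaving the host
        grep -E "(^|\.)${_base_re}\$" |     # host must END with the base domain
        grep -vxE "(www\.)?${_base_re}" |   # skip the apex and www hosts
        sort -u                             # dedupe non-adjacent repeats too
}

# Constructed sample page; it includes two lookalike hosts that a plain
# substring match on "mega" would wrongly keep in sub.txt.
sample_html() {
    cat <<'EOF'
<a href="http://www.megacorpone.com/about.html">About</a>
<a href="http://admin.megacorpone.com/admin/index.html">Admin</a>
<a href="HTTP://Mail.MegaCorpOne.com">Mail</a>
<a href="http://support.megacorpone.com:8080/ticket">Support</a>
<a href="http://admin.megacorpone.com/login">Admin again</a>
<a href="http://megacorpone.com.example.net/">Lookalike</a>
<a href="http://notmegacorpone.com/">Lookalike 2</a>
<img src="https://intranet.megacorpone.com/logo.png">
<a href="contact.html">relative link</a>
EOF
}

# Demo run on the constructed sample.
sample_html | extract_subdomains megacorpone.com
```

On a saved page the call is extract_subdomains megacorpone.com < index.html > sub.txt, after which the ping and host loops above work unchanged.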
 
