A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. It's fast. Benchmarks on small VPS hosts put around 100k DNS resolutions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid using Google's resolvers if you're purely interested in speed. Trickest currently supports only json output for aiodnsbrute.

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. This version produces JSON output

Find domains and subdomains potentially related to a given domain.

Extracting URLs of a specific target based on the results of "commoncrawl.org".

Scrape domain names from SSL certificates of arbitrary hosts

Extract pieces of info from a web page's Wayback Machine history

Multi-cloud enumeration utility

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

A tool written in golang to perform permutations, mutations and alteration of subdomains and brute force the result.

Author description - DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting. This tool provides the ability to perform: Check all NS Records for Zone Transfers; Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT); Perform common SRV Record Enumeration; Top Level Domain (TLD) Expansion; Check for Wildcard Resolution; Brute Force subdomain and host A and AAAA records given a domain and a wordlist; Perform a PTR Record lookup for a given IP Range or CIDR; Check a DNS Server Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check.

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers.

List all public repositories for (valid) Github usernames

The complete solution for domain recognition. Supports screenshotting, port scan, HTTP check, data import from other tools, subdomain monitoring.

GET-ACQ is a python tool used to gather all companies acquired by a given company domain name. It is done by calling SecurityTrails API.

Find endpoints on GitHub

Find subdomains on GitHub

GoAltdns is a permutation generation tool that can take a list of subdomains, permute them using a wordlist, insert indexes, numbers, dashes and increase your chance of finding that estoeric subdomain that no-one found during bug-bounty or pentest.

A tool used to brute-force DNS subodmains(with wildcard support)