Dome

This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase (the more surface area exposed the faster a rock with break down). If you want to use more OSINT engines, fill the config.api file with the needed API tokens.

- Passive Mode:
Use OSINT techniques to obtain subdomains from the target. This mode will not make any connection to the target so it is undetectable.
- Active Mode:
Perform bruteforce attacks to obtain alive subdomains: pure bruteforce or wordlist based

Top Features:
- Easy to use. Just install the requirements.txt and run
- Active and Passive scan (read above)
- Faster than other subdomain enumeration tools
- 7 different resolvers/nameservers including google, cloudfare (fastest), Quad9 and cisco DNS (use --resolvers filename.txt to use a custom list of resolvers, one per line)
- Up to 21 different OSINT sources
- Subdomains obtained via OSINT are tested to know if they are alive (only in active mode)
- Support for webs that requires API token
- Detects when api key is no longer working (Other tools just throw an error and stops working)
- Wildcard detection and bypass
- Custom Port scaning and built-in params for Top100,Top1000 and Top Web ports
- Colored and uncolored output for easy read
- Windows and Python 2/3 support (Python 3 is recommended)
- Highly customizable through arguments
- Scan more than one domain simultaneously
- Possibility to use threads for faster bruteforce scans
- Export output in different formats such as txt, json, html