Name:findomain
Category:Recon
Publisher:trickest-mhmdiaa
Created:2/5/2022
Container:quay.io/trickest/findomain:5.1.1
Output Type:
License:Unknown

Parameters

pscan
boolean
--pscanEnable port scanner.
quiet
boolean
--quietRemove informative messages but show fatal errors or subdomains not found message.
aempty
boolean
--aemptySend alert to webhooks still when no new subdomains have been found.
filter
string
--filterFilter subdomains containing specifics strings.
jobname
string
--jobnameUse an database identifier for jobs. It is useful when you want to relate different targets into a same job name. To extract the data by job name identifier, use the query-jobname option.
resolved
boolean
--resolvedShow/write only resolved subdomains.
wordlist
file
required
--wordlistWordlist file to use in the bruteforce process. Using it option automatically enables bruteforce mode.
ipv6-only
boolean
--ipv6-onlyPerform a IPv6 lookup only
last-port
string
--lportLast port to scan. Default 1000.
randomize
boolean
--randomizeEnable randomization when reading targets from files.
resolvers
file
--resolversPath to a file containing a list of DNS IP address. If no specified then Google, Cloudflare and Quad9 DNS servers are used.
enable-dot
boolean
--enable-dotEnable DNS over TLS for resolving subdomains IPs.
no-monitor
boolean
--no-monitorDisable monitoring mode while saving data to database.
no-resolve
boolean
--no-resolveDisable pre-screenshotting jobs (http check and ip discover) when used as resolver to take screenshots.
rate-limit
string
--rate-limitSet the rate limit in seconds for each target during enumeration.
subdomains
file
required
--fileUse a list of subdomains writen in a file as input.
as-resolver
boolean
--as-resolverUse Findomain as resolver for a list of domains in a file.
config-file
file
--configUse a configuration file. The default configuration file is findomain and the format can be toml, json, hjson, ini or yml.
http-status
boolean
--http-statusCheck the HTTP status of subdomains.
target-host
string
required
--targetTarget host.
user-agents
file
--uaPath to file containing user agents strings.
http-timeout
string
--http-timeoutValue in seconds for the HTTP Status check of subdomains. Default 5
initial-port
string
--iportInitial port to scan. Default 0.
no-wildcards
boolean
--no-wildcardsDisable wilcard detection when resolving subdomains.
verbose-mode
boolean
--verboseEnable verbose mode (useful to debug problems).
postgres-host
string
--postgres-hostPostgresql host.
postgres-port
string
--postgres-portPostgresql port.
postgres-user
string
--postgres-userPostgresql username.
query-jobname
string
--query-jobnameExtract all the subdomains from the database where the job name is the specified using the jobname option.
chrome-sandbox
boolean
--sandboxEnable Chrome/Chromium sandbox. It is disabled by default because a big number of users run the tool using the root user by default. Make sure you are not running the program as root user before using this option.
monitoring-mde
boolean
--monitoring-flagActivate Findomain monitoring mode
query-database
boolean
--query-databaseQuery the findomain database to search subdomains that have already been discovered.
exclude-sources
string
--exclude-sourcesExclude sources from searching subdomains in. [possible values: certspotter, crtsh, virustotal, sublist3r, facebook, spyse, bufferover, threatcrowd, virustotalapikey, anubis, urlscan, securitytrails, threatminer,archiveorg, c99, ctsearch]
show-resolved-ip
boolean
--ipShow/write the ip address of resolved subdomains.
import-subdomains
file
--import-subdomainsImport subdomains from one or multiple files. Subdomains need to be one per line in the file to import.
postgres-database
string
--postgres-databasePostgresql database.
postgres-password
string
--postgres-passwordPostgresql password.
external-subdomains
boolean
--external-subdomainsGet external subdomains with amass and subfinder
exclude-subdomain-strings
string
--excludeExclude subdomains containing specifics strings.