Name:findomain
Category:Recon
Publisher:trickest-mhmdiaa
Created:2/5/2022
Container:
quay.io/trickest/findomain:5.1.1Output Type:
License:Unknown
Source:View Source
Parameters
--pscanEnable port scanner.--quietRemove informative messages but show fatal errors or subdomains not found message.--aemptySend alert to webhooks still when no new subdomains have been found.--filterFilter subdomains containing specifics strings.--jobnameUse an database identifier for jobs. It is useful when you want to relate different targets into a same job name. To extract the data by job name identifier, use the query-jobname option.--resolvedShow/write only resolved subdomains.--wordlistWordlist file to use in the bruteforce process. Using it option automatically enables bruteforce mode.--ipv6-onlyPerform a IPv6 lookup only--lportLast port to scan. Default 1000.--randomizeEnable randomization when reading targets from files.--resolversPath to a file containing a list of DNS IP address. If no specified then Google, Cloudflare and Quad9 DNS servers are used.--enable-dotEnable DNS over TLS for resolving subdomains IPs.--no-monitorDisable monitoring mode while saving data to database.--no-resolveDisable pre-screenshotting jobs (http check and ip discover) when used as resolver to take screenshots.--rate-limitSet the rate limit in seconds for each target during enumeration.--fileUse a list of subdomains writen in a file as input.--as-resolverUse Findomain as resolver for a list of domains in a file.--configUse a configuration file. The default configuration file is findomain and the format can be toml, json, hjson, ini or yml.--http-statusCheck the HTTP status of subdomains.--targetTarget host.--uaPath to file containing user agents strings.--http-timeoutValue in seconds for the HTTP Status check of subdomains. Default 5--iportInitial port to scan. Default 0.--no-wildcardsDisable wilcard detection when resolving subdomains.--verboseEnable verbose mode (useful to debug problems).--postgres-hostPostgresql host.--postgres-portPostgresql port.--postgres-userPostgresql username.--query-jobnameExtract all the subdomains from the database where the job name is the specified using the jobname option.--sandboxEnable Chrome/Chromium sandbox. It is disabled by default because a big number of users run the tool using the root user by default. Make sure you are not running the program as root user before using this option.--monitoring-flagActivate Findomain monitoring mode--query-databaseQuery the findomain database to search subdomains that have already been discovered.--exclude-sourcesExclude sources from searching subdomains in. [possible values: certspotter, crtsh, virustotal, sublist3r, facebook, spyse, bufferover, threatcrowd, virustotalapikey, anubis, urlscan, securitytrails, threatminer,archiveorg, c99, ctsearch]--ipShow/write the ip address of resolved subdomains.--import-subdomainsImport subdomains from one or multiple files. Subdomains need to be one per line in the file to import.--postgres-databasePostgresql database.--postgres-passwordPostgresql password.--external-subdomainsGet external subdomains with amass and subfinder--excludeExclude subdomains containing specifics strings.