subquest
Fast, Elegant subdomain scanner using nodejs
Installation
If you want to use it as cli tool, you must install it globally first:
sudo npm install -g subquest
Usage
Usage: subquest [options] <domain to scan>
Examples:
subquest google.com
subquest facebook.com -s 8.8.8.8 -r 20 -d top_50
subquest twitter.com -s 8.8.8.8 -d all
Options:
-h, --help output usage information
-V, --version output the version number
-b, --bingSearch use Bing search to list all possible subdomains
-s, --server [ip] specify your custom DNS resolver
-r, --rateLimit [limit] set the Rate Limit [Default value is 10]
-d, --dictionary [type] set the dictionary for bruteforcing [top_100]
Using it in your modules
If you want to use it as a node module you can install and add it to your project dependencies:
npm install subquest
Than you can require it in your script and use it:
After v1.5.0
After the version 1.5.0 the module doesn't use event emitters, just callbacks,
const subquest = require('subquest')
subquest.getSubDomains({
host: 'google.com'
}, (err, results) => {
if(err) {
console.log('Error:', err);
return;
}
console.log('Subdomains:', results);
})
Before v1.5.0
Before the version 1.5.0 the module makes use of event emitters to determine when it's done.
var subquest = require('subquest');
subquest
.getSubDomains({
host: 'google.com',
rateLimit:'4',
dnsServer:'4.2.2.2',
dictionary: 'top_200'
})
.on('end', function(res){
console.log(res);
})
This scans google.com for the list of all subdomains using the top_200 dictionary.
Methods
- getDefaultResolvers: Return the default DNS servers used for the scan
- isValidDnsServer: Test if a given address is valid DNS server
- getResolvers: Get the list of all the resolvers (DNS Servers) used in the scan, both default and custom
- getDictionaryNames: Get the list of the dictionary files used in the scan
- getSubDomains: Run the scan against the domain to enumerate all subdomains
Want to add a new entry to Subquest's dictionary?
Add your list of subdomain names to the ./dictionary/all.txt
file and send a pull request.
Credits