Raptor

Passive subdomain enumeration tool with http-probe.
Alternatives To Raptor
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Subfinder7,678111 hours ago57August 03, 202217mitGo
Fast passive subdomain enumeration tool.
Reconftw4,304
a day ago28gpl-3.0HTML
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Pentest Tools2,652
5 months ago1Python
A collection of custom security tools for quick needs.
Vulnx1,632
11 days ago2June 04, 201918gpl-3.0Python
vulnx 🕷️ an intelligent Bot, Shell can achieve automatic injection, and help researchers detect security vulnerabilities CMS system. It can perform a quick CMS security detection, information collection (including sub-domain name, ip address, country information, organizational information and time zone, etc.) and vulnerability scanning.
Puredns1,241
24 days ago7December 02, 20214gpl-3.0Go
Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
K8cscan996
3 years ago5mitPython
K8Ladon大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Goofuzz801
2 months agogpl-3.0Shell
GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target's server and by means of advanced Google searches (Google Dorking).
Favfreak723
a year ago4mitPython
Making Favicon.ico based Recon Great again !
Information_collection_handbook694
3 months ago
Handbook of information collection for penetration testing and src
Sublert687
2 years ago12mitPython
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Alternatives To Raptor
Select To Compare


Alternative Project Comparisons
Readme

Passive Subdomain Enumeration Tool with Http-Probe.


raptor


Raptor is a subdomain enumeration tool that discovers valid subdomains for websites passively.

Raptor designed to comply with all passive sources licenses, and usage restrictions but speed in mind.

This software currently employs 22 free and commercial services. (Constantly updated if any new resource out there.)

For better results I highly encourage you to get API keys.

Also http-probe included which means user can identify dead&alive subdomains and various open-ports easily.

Think this is useful? ⭐️ Star us on GitHub it helps!

Usage

To install requirements execute the command below

pip3 install -r requirements.txt  

Find subdomains of 'example.com' .

python3 main.py --domain example.com
Or
python3 main.py -d example.com

Specify filename and extension otherwise it will use default one.

python3 main.py --domain example.com --output example.txt  
Or
python3 main.py -d example.com -o example.txt  

For Outputs check outputs directory.

Use http-probe to identify dead & alive subdomains and various ports. (*This option will take for a while to finish)

python3 main.py --domain example.com --probe   
Or
python3 main.py -d example.com -p  

Verbose mode for details.

python3 main.py --domain example.com --output example.txt --verbose
Or
python3 main.py -d example.com -o example.txt -v

Run with Docker

Build an image

docker build -t hj23/raptor .

Run in a container

docker run --rm -v $PWD/outputs:/outputs hj23/raptor -d example.com

API keys for commercial services.

These are the commercial services it uses:

- Bing
- BinaryEdge
- VirusTotal
- Shodan
- UrlScan
- Censys

But all these services  provide free limited request package with automatic renewal basis.

for Bing limit is 1000 requests per month.
for BinaryEdge limit is 250 requests per month. 
for VirusTotal limit is 500 requests per day.
for Shodan if you have academic email limit is 100 requests per month. (1 request = 100 result)
for UrlScan limit is 1000 requests per day.
for Censys limit is 250 requests per month.

Having trouble with API keys ?

Check out our guide here : How to get API keys for Raptor ?

Why this tool works slower than others ?

Well faster not always means better. API calls might take reasonable amount of time. But most importantly in order not to exceed limits stated above scripts adjusted not only for best performance but also best for API call allowance.

Todo


Logo Credits : https://www.freepik.com/iyasalif

Popular Subdomain Projects
Popular Hackers Projects
Popular Networking Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Python
Python3
Hacking
Cybersecurity
Probe
Subdomain
Osint
Subdomain Scanner