A python script that automates my discovery process and recon workflow for given target domains/assets, by utilizing open-source tools used for web application testing.
- Utilizes "Amass" in enum mode to collect subdomains under given domains.
- Utilizes an open-source tool by gwen001 to perform GitHub-dorking with a GitHub access token to collect more subdomains.
- Utilizes "Aquatone" to perform visual sorting of discovered end-points to seperate unique web applications from duplicate ones.
- Utilizes "Subdomainizer" to scan responses and JS files for potentially sensitive information.
- Clone "Huntsman" from Github:
git clone https://github.com/Import3r/Huntsman.git- Change directory to "Huntsman":
cd Huntsman- Install needed packages from apt_packages.txt:
xargs -r -a apt_packages.txt sudo apt-get install -y- Run "Huntsman":
python3 main.pyNote: running "Huntsman" for the first time may trigger the installer prompt for missing tools.