├── .gitignore ├── README.md ├── main.js └── package.json /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules 2 | package-lock.json 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Recon.Dev Subdomain Enum 2 | 3 | A simple Node.js script that extracts subdomains for a specified domain from https://recon.dev API by [@nahamsec](https://twitter.com/NahamSec) & [@Static-Flow](https://twitter.com/_StaticFlow_). You will need to get an API key, you can get one here https://recon.dev/login?screen_hint=signup. 4 | 5 | ## Install 6 | ```bash 7 | export API_RECON_DEV= 8 | git clone https://github.com/JR0ch17/rdse.git 9 | cd rdse/ 10 | npm install -g . 11 | ``` 12 | 13 | ## How to use 14 | #### Output result in an array 15 | ``` 16 | rdse github.com 17 | ``` 18 | 19 | #### Output 20 | ``` 21 | [ 22 | '*.github.com', 23 | '*.registry.github.com', 24 | 'api.github.com', 25 | 'classroom.github.com', 26 | 'import2.github.com', 27 | 'importer2.github.com', 28 | 'porter2.github.com', 29 | 'registry.github.com', 30 | 'render-lab.github.com', 31 | 'render.github.com', 32 | 'uploads.github.com', 33 | 'www.github.com' 34 | ] 35 | ``` 36 | #### Output result as text 37 | ``` 38 | rdse github.com --text 39 | ``` 40 | #### Output 41 | ``` 42 | *.github.com 43 | *.registry.github.com 44 | api.github.com 45 | classroom.github.com 46 | import2.github.com 47 | importer2.github.com 48 | porter2.github.com 49 | registry.github.com 50 | render.github.com 51 | render-lab.github.com 52 | uploads.github.com 53 | www.github.com 54 | ``` 55 | 56 | ## Contributions 57 | Always looking for contributions. 58 | -------------------------------------------------------------------------------- /main.js: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env node 2 | const axios = require('axios'); 3 | const isValidDomain = require('is-valid-domain'); 4 | const hasFlag = require('has-flag'); 5 | 6 | let domain = process.argv[2]; 7 | const key = process.env.API_RECON_DEV; 8 | let subdomains = []; 9 | 10 | if (validation(domain)) { 11 | subdomainRecon(domain) 12 | } 13 | function validation(domain) { 14 | if (!process.env.API_RECON_DEV) { 15 | console.error("Missing API Key"); 16 | return false 17 | } 18 | if (!isValidDomain(domain, key)) { 19 | console.error("Incorrect domain name syntax"); 20 | return false 21 | } 22 | return true 23 | }; 24 | 25 | function subdomainRecon() { 26 | axios.get(`https://recon.dev/api/search?key=${key}&domain=${domain}`) 27 | .then(function (response) { 28 | response.data.map(data => { 29 | data.rawDomains.forEach(subdomain => { 30 | subdomains.push(subdomain); 31 | }); 32 | }); 33 | subdomains = [...new Set(subdomains.sort())]; 34 | if (hasFlag('text')) { 35 | subdomains.forEach(subdomain => { 36 | console.log(subdomain) 37 | }) 38 | } else { 39 | console.dir(subdomains, { 'maxArrayLength': null }); 40 | } 41 | }) 42 | .catch(function (error) { 43 | console.error(`Could not fetch subdomains: ${error}`); 44 | }) 45 | .finally(function () { 46 | }); 47 | }; 48 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "rdse", 3 | "version": "1.0.1", 4 | "description": "Grab subdomains from api.recon.dev", 5 | "main": "./main.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "Jasmin Landry @JR0ch17", 10 | "license": "ISC", 11 | "bin": { 12 | "rdse": "./main.js" 13 | }, 14 | "dependencies": { 15 | "axios": "^0.19.2", 16 | "has-flag": "^4.0.0", 17 | "is-valid-domain": "0.0.14" 18 | } 19 | } 20 | --------------------------------------------------------------------------------