Skip to content

README.md

Latest commit

Β 

History

History
88 lines (65 loc) Β· 1.79 KB

README.md

File metadata and controls

88 lines (65 loc) Β· 1.79 KB

Advanced Subdomain Security Scanner (Metasploit Module)

πŸ“Œ Description

This Metasploit auxiliary module scans all subdomains of a given domain for:

  • πŸ” Open ports using Nmap
  • πŸ›‘οΈ Vulnerabilities using Nuclei
  • ☁️ Azure tenant information

The results are saved to a file of your choice! πŸš€

🎯 Features

βœ… Automatic Subdomain Discovery (via subfinder)

βœ… Full Port Scanning (via nmap)

βœ… Comprehensive Vulnerability Scanning (via nuclei)

βœ… Azure Tenant ID Detection

βœ… Custom Output File for Results

πŸ› οΈ Installation & Requirements

Make sure you have the following tools installed:

sudo apt install nmap
GO111MODULE=on go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
GO111MODULE=on go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

Then, move the script into your Metasploit modules directory:

cp subdomain_scanner.rb ~/.msf4/modules/auxiliary/

πŸš€ Usage

Run the Metasploit console:

msfconsole

Then, load the module:

use auxiliary/subdomain_scanner

Set the target domain:

set DOMAIN example.com

(Optional) Set a custom output file:

set OUTPUT_FILE example_scan.txt

Run the scan:

run

πŸ“‚ Example Output

[*] Finding subdomains...
[+] Subdomain found: api.example.com
[+] Subdomain found: mail.example.com

[*] Scanning open ports on api.example.com...
[+] Open Port: 443 (HTTPS)

[*] Running Nuclei scan on mail.example.com...
[+] Vulnerability found: Missing SPF Record

[*] Checking Azure Tenant ID for example.com...
[+] Azure Tenant ID: 3fd44b08-37d0-423b-9bbf-a01df935edc1

[βœ”] Scan complete! Results saved to example_scan.txt

πŸ“œ Author

HAMZA EL-HAMDAOUI.