A simple & lightweight domain crawler that uses a pre-defined wordlist to discover subdomains on specified domain.
You may want to discover subdomains of a target domain to evaluate if there are vulnerable applications hosted on those subdomains. Take the following as an example:
In the Cookie HTTP header declartion
- Be mindful of the
Path
andDomain
attributes
To set a cookie for //company1.example.com/
only:
Set-Cookie: name=value; Path=/
- Omitting the Domain attribute makes the cookie only valid for the domain that it was set in (excluding subdomain). While declaring it will make it include the subdomain
**Meaning that if the Cookie header is not securely declared, a XSS vulerable application hosted on a subdomain will allow the cookie declared for the main application to be exposed by the XSS vector seen on the subdomain (unless you had declared HttpOnly) **
A great way to discover a given * scope on bug bounty program.
Written in python 2.7, make sure to use the appropriate interrupter.
python crawler.py -h tesla.com
Please do not use this program where unauthorized.
Author | @bryanwei |
See the LICENSE file.