subfinder
goctopus
subfinder | goctopus | |
---|---|---|
8 | 3 | |
9,381 | 91 | |
1.6% | - | |
9.4 | 7.6 | |
3 days ago | 6 months ago | |
Go | Go | |
MIT License | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
subfinder
-
Subdomain.center – discover all subdomains for a domain
https://github.com/projectdiscovery/subfinder does this, but it explains all the methods and lets you choose to only do a passive scan.
-
Introducing Goctopus: open-source, state-of-the-art GraphQL endpoint discovery & fingerprinting tool.
Subdomain Enumeration: Goctopus uses DNS records APIs via subfinder to enumerate subdomains.
-
Subdomain enumeration.
Subfinder
-
Can authenticated internet-facing web app be discovered if not indexed by search engines?
My main source is Certificate Transparency, which is kind of a database of TLS certs created so far. But use external tools like Subfinder or Amass.
- Como saber todos os domínios que uma empresa tem?
- How to find out domain names registered by a particular domain registrar?
-
Intellingence-Resources
Subfinder - https://github.com/projectdiscovery/subfinder
-
Subdomain Enumeration
The best CLI tool for finding subdomains is subfinder. It is made by ProjectDiscovery who creates really powerful tools. They recently got funded $1.7 million so that the devs could work full time on developing and maintaining these tools.
goctopus
-
Leveraging Temporal for resilient remote procedure calls (RPC)
Our stack at Escape is written in multiple languages because each team has specific needs. We use TypeScript for its vibrant ecosystem, Python for cybersecurity research and Go for performance-sensitive tasks. To orchestrate cross-language task orchestration, we first developed a simple request-response protocol over HTTP, but it wasn't sustainable as the Escape codebase grew rapidly. We evaluated several technologies to replace our homegrown protocol, and two emerged as the most promising options: Connect and Temporal. The title gives it away, but the reason is far from obvious
-
Introducing Goctopus: open-source, state-of-the-art GraphQL endpoint discovery & fingerprinting tool.
We're actively looking for ways to enhance Goctopus, and we welcome contributions. Feel free to raise issues or PRs on our GitHub repo. We're excited to see where the community can take this project.
-
Demystifying GraphQL Security: A Comprehensive Guide to Introspection
Using subdomain enumeration, web crawling, and brute forcing, Goctopus can find any of your GraphQL endpoints and know whether introspection or field suggestions are enabled on each of them.
What are some alternatives?
amass - In-depth attack surface mapping and asset discovery
RickNMortyCompose - A Jetpack compose android app based on Rick and Morty Graphql
assetfinder - Find domains and subdomains related to a given domain
temporal101
httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
graphinder - 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
breach-parse - A tool for parsing breached passwords
connect-es - The TypeScript implementation of Connect: Protobuf RPC that works.
gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
subby - An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
certificate-transparency - Auditing for TLS certificates.