Black Hat Bash - Bash Scripting for Hackers and Pentesters (Early Access) (Dolev Farhi, Nick Aleks)

Google search query to search for files on GitHub provided by

community members: subdomain wordlist

site:gist.github.com. This will search GitHub for code

snippets (also called gists) containing the word subdomain wordlist.

For the purposes of this example, we’ll use the subdomain list at

https://github.com/dolevf/Black-Hat-

Bash/blob/master/ch04/subdomains-1000.txt. Download it and save

it in your home directory. The file contains one subdomain per line

without an associated parent domain. You’ll have to join each

subdomain with the target’s parent domain to form a fully qualified

domain name (FQDN). As in the previous section, we’ll show two

strategies for accomplishing this task: using a while loop and using

sed.

The while Loop Approach

The script in Listing 4-5 accepts a parent domain and a word list

from the user, then prints a list of fully qualified subdomains using

the word list we downloaded earlier.

#!/bin/bash

DOMAIN="${1}"

FILE="${2}"

# Read the file from standard input and echo the full domain

while read -r subdomain; do

echo "${subdomain}.${DOMAIN}"

done < "${FILE}"

Listing 4-5

Generating a list of subdomains using a while loop

The script uses a while loop to read the file and assign each

line to the subdomain variable in turn. The echo command then

concatenates these two strings together to form a full domain name.

Save this script as generate_subdomains.sh and provide it with two

arguments:

$ ./generate_subdomains.sh example.com subdomains-1000.txt

www.example.com

mail.example.com

ftp.example.com

localhost.example.com

webmail.example.com

--snip--