Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
This gives you the ability to run multiple domains within the same session. The tool only has one module that needs an API key (/api/google_site) find instructions for that on the recon-ng wiki.
Setting up Enumall for Subdomain Discovery
Install recon-ng from Source, clone the Recon-ng repository:
git clone https://[email protected]/LaNMaSteR53/recon-ng.git
Change into the Recon-ng directory:
pip install -r REQUIREMENTS
Link the installation directory to /usr/share/recon-ng
ln -s /$recon-ng_path /usr/share/recon-ng
Optionally (highly recommended) download:
– A good subdomain bruteforce list (example here)
Create the config.py file and specify the path to Recon-ng and AltDNS as it showed in config_sample.py.