What is the purpose of Assetfinder?
Assetfinder is a open source tool. In order to obtain a larger number of relevant subdomains of your target, we need to have a powerful and potential script that will automate our work and return a list of subdomains. That's why assetfinder is a tool to help us obtain subdomains of our target. Assetfinder is a Golang language based tool used to get potential subdomains of our target domain.
Here are the primary uses of Assetfinder:
-
Subdomain Enumeration: Assetfinder assists its users in searching for subdomains of a target domain, which is very useful during the preliminary analysis phase of the target system when conducting a penetration test or vulnerability assessment.
-
Asset Discovery: Assetfinder helps find various assets associated with a domain name to be able to have an overview of the attack surface that a target has. For example, associated services and IP address resolution.
-
Data Analysis Assetfinder provides options for analyzing discovered data, allowing users to filter, sort and visualize information. These features make it a user-friendly and efficient tool for providing preliminary information prior to vulnerability detection in the target system.
-
Integration with Other Tools: Assetfinder can be integrated with other tools and scripts in a security toolkit, enhancing overall capabilities for information gathering and vulnerability identification.
Core Features
- Subdomain Discovery
- IP Address Resolution
- Domain Search
- Customizable Output Formats
- Filtering Options
- Integration Capabilities
Data sources:
- Assetfinder uses multiple data sources to perform its research, including:
- crt.sh
- certspotter
- hackertarget
- threatcrowd
- Wayback Machine
- dns.bufferover.run
- Facebook Graph API
- Virustotal
- findsubdomains This expands coverage and increases the accuracy of results.
Common Assetfinder Commands
1. Basic Usage
- This command discovers subdomains for the specified target domain.
assetfinder <target_domain>
2. File Input
- This command reads a list of domains from a file and discovers subdomains for each one.
assetfinder -subs-only -f <file>
3. Output to File
- This command saves the discovered subdomains to a specified output file.
assetfinder <target_domain> -o <output_file>
4. Include or Exclude Specific Domains
- This command allows users to include or exclude specific domains during the discovery process.
assetfinder --include <domain> <target_domain>
assetfinder --exclude <domain> <target_domain>
5. Custom User-Agent
- This command sets a custom User-Agent string for the requests made by Assetfinder.
assetfinder -user-agent "<User-Agent>"
6. Verbose Output
- This command enables verbose output for detailed information about the discovery process.
assetfinder -v <target_domain>
7. Help and Usage Information
- Displays help information, including available commands and options for using Assetfinder.
assetfinder -h
Alternative usage:
assetfinder --help
Output Examples of Assetfinder Commands
Command| Example Usage| Function| Output Example
---|---|---|---
Basic Usage| assetfinder example.com| Discovers subdomains for the specified target domain.| Subdomains found: sub1.example.com, sub2.example.com
Subdomain Only| assetfinder -subs-only example.com| Retrieves only subdomains without resolving to IP addresses.| Subdomains found: sub1.example.com, sub2.example.com
File Input| assetfinder -subs-only -f domains.txt| Reads a list of domains from a file and discovers subdomains for each one.| Testing domains from domains.txt...
Output to File| assetfinder example.com -o results.txt| Saves the discovered subdomains to a specified output file.| Results saved to results.txt
Include Specific Domain| assetfinder --include sub.example.com example.com| Includes specific domains during the discovery process.| Including sub.example.com in the results
Exclude Specific Domain| assetfinder --exclude sub.example.com example.com| Excludes specific domains from the discovery process.| Excluding sub.example.com from the results
Custom User-Agent| assetfinder -user-agent "Mozilla/5.0" example.com| Sets a custom User-Agent string for the requests.| Request sent with custom User-Agent
Verbose Output| assetfinder -v example.com| Enables verbose output for detailed information about the discovery process.| Verbose mode enabled: ...
Help and Usage Information| assetfinder -h| Displays help information, including available commands and options.| Usage: assetfinder [options] <target>
JSON Output| assetfinder example.com -o results.json -json| Saves the discovered subdomains in JSON format for easier integration.| Results saved in JSON format to results.json
Rate Limit| assetfinder --rate-limit 100 example.com| Limits the number of requests per second during discovery.| Rate limit set to 100 requests per second
DNS Resolution| assetfinder -resolve example.com| Resolves the discovered subdomains to their corresponding IP addresses.| Resolved: sub1.example.com -> 192.0.2.1
Check for Live Hosts| assetfinder -live example.com| Checks if the discovered subdomains are live.| Live hosts found: sub1.example.com
Output Format| assetfinder example.com -o results.csv -format csv| Specifies the output format when saving results.| Results saved to results.csv
Timeout Configuration| assetfinder --timeout 10 example.com| Sets a timeout for requests to avoid hanging.| Timeout set to 10 seconds