Dome – Python Script To Obtain Subdomains And Search For Open Ports

Last Updated : 08 Jun, 2022

Dome is an automated cyber-security tool written in Python and used for subdomain enumeration. The subdomains it finds can then be tested for bugs. Dome has an active and a passive mode for the enumeration process. The tool is available for free on GitHub and is open source. This tool is highly recommended for security researchers and bug bounty hunters.

Passive Mode:

This is the safe mode that is undetectable by the target domain. In this mode, no active connection is made between the target domain and the attacker’s machine.

Active Mode:

Performs brute-force attacks to find live subdomains. In this mode there is a risk of being detected by the target server. There are 2 types of brute force:

  • Pure Bruteforce: Checks subdomains from a.domain.com to zzz.domain.com (26 + 26^2 + 26^3 = 18278 subdomains). This brute force can be disabled with -nb, --no-bruteforce.
  • Wordlist based: Uses a custom wordlist provided by the user with the flag -w, --wordlist. If no wordlist is specified, this mode won’t be executed.
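From the defender's side, the pure brute-force sweep described above stands out in authoritative DNS query logs: one client asks for hundreds of distinct 1 to 3 letter labels and almost all of them return NXDOMAIN. The following is an added example, not part of Dome or of the original article; the four-field log format, the thresholds, the zone example.org and all function names are assumptions.

```python
import re
from collections import defaultdict
from itertools import product
from string import ascii_lowercase as AZ

KEYSPACE = 26 + 26**2 + 26**3  # 18278 labels (a .. zzz), the figure given above
SHORT_LABEL = re.compile(r"^[a-z]{1,3}$")

def short_label(qname, zone):
    """Return the label if qname is <1-3 lowercase letters>.<zone>, else None."""
    qname, suffix = qname.lower().rstrip("."), "." + zone.lower().rstrip(".")
    if not qname.endswith(suffix):
        return None
    label = qname[: -len(suffix)]
    return label if SHORT_LABEL.match(label) else None

def detect_pure_bruteforce(log_lines, zone, min_labels=200, min_nx_ratio=0.9):
    """Return {client: (distinct_labels, nx_ratio, keyspace_coverage)} for sweepers."""
    seen, nx = defaultdict(set), defaultdict(set)
    for line in log_lines:
        parts = line.split()  # assumed format: timestamp client qname rcode
        if len(parts) != 4:   # skip malformed lines
            continue
        _ts, client, qname, rcode = parts
        label = short_label(qname, zone)
        if label is not None:
            seen[client].add(label)
            if rcode == "NXDOMAIN":
                nx[client].add(label)
    flagged = {}
    for client, labels in seen.items():
        ratio = len(nx[client]) / len(labels)
        # Many distinct short labels that almost all fail to resolve: a sweep.
        if len(labels) >= min_labels and ratio >= min_nx_ratio:
            flagged[client] = (len(labels), round(ratio, 3),
                               round(len(labels) / KEYSPACE, 4))
    return flagged

def constructed_log(zone="example.org"):
    """Constructed sample: one client sweeps a..zz, another does normal lookups."""
    live = {"m", "ns", "www", "api"}  # hypothetical names that exist in the zone
    labels = ["".join(t) for n in (1, 2) for t in product(AZ, repeat=n)]
    lines = []
    for label in labels:
        rcode = "NOERROR" if label in live else "NXDOMAIN"
        lines.append(f"2022-06-08T10:00:00Z 203.0.113.7 {label}.{zone} {rcode}")
    for label in ("www", "api", "www"):
        lines.append(f"2022-06-08T10:00:01Z 198.51.100.20 {label}.{zone} NOERROR")
    return lines
```

Calling `detect_pure_bruteforce(constructed_log(), "example.org")` flags only the sweeping client; in production the thresholds would be tuned per zone and evaluated over a time window.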

Note: Make sure you have Python installed on your system, as this is a Python-based tool. To check the installation process, see: Python Installation Steps on Linux

Installation of Dome Tool on Kali Linux OS

Step 1: In this step, we will get the Dome tool repository from GitHub.

git clone https://github.com/v4d1/Dome.git

Step 2: We have cloned the repository from GitHub; now we will navigate to the directory in which the Python file is located.

cd Dome

Step 3: You are in the directory of Dome. Now you have to install the dependencies of the tool using the following command.

sudo pip install -r requirements.txt

Step 4: Run the below command to verify the installation and check the help section of the tool.

python3 dome.py -h

Working with Dome Tool on Kali Linux OS

Example 1: Perform active and passive scan, show the IP address of each subdomain and make a port scan using top-web-ports. Data will also be written in the /results folder

python3 dome.py -m active -d geeksforgeeks.org -w wordlists/wordlist.txt -i --top-web-ports -o

In this example, we are performing a simple scan on the geeksforgeeks.org domain, which gives us the subdomains; the tool also checks the top web ports.

We have got the list of subdomains of geeksforgeeks.org.

Example 2: Perform passive scan in silent mode and write output to files

python3 dome.py -m passive -d geeksforgeeks.org --silent --output

In this example, we are performing a silent scan without any run-time messages or logs.

Our results are saved in the results directory with various files.

We have displayed the results_geeksforgeeks.html file which shows the list of subdomains.

Example 3: Only Bruteforce with the wordlist

python3 dome.py -m active -d geeksforgeeks.org -w wordlists/subdomains-5000.txt --no-bruteforce

In this example, we are brute-forcing subdomains using only the wordlist (subdomains-5000.txt).

Example 4: Scan active and passive and perform port scan ONLY in ports 22,80,3306

python3 dome.py -m active -d geeksforgeeks.org -w wordlists/top1million.txt -p 22,80,3306

In this example, we are checking for the specific ports on the target domain.

We have got the list of open ports and the subdomains.
