
Enumerating Domains of Specific Organisations

My friend Paul wrote a tweet about a useful tip on how to enumerate the domains of a specific organization using curl.

Do follow him at @PaulWebSec if you haven’t.

I decided to expand on his tip. It can sometimes be hard to find out the full organization name even though you know the domain name that they use (or maybe I am just lazy).

Below is the script that I wrote. You only need to provide the domain name that the organization is using. Please see the example below.

$ python test.py -h

Usage: test.py [options]
  -h, --help  show this help message and exit
  -t THREADS  number of threads
  -n DOMAIN   domain name
  -r          resolve DNS name

Below is an example of the script running against TechCrunch.com:

$ python test.py -n techcrunch.com -t 20 -r
[*] Found the below organization names
TechCrunch, Inc., TechCrunch

[*] Found the below domains
-------- redacted for brevity --------

[*] Results
----------------------------  -------------------------------------------
5echcrunch.com    ,
6echcrunch.com    ,
crunch-pad.biz      ,
crunch-pad.info     ,
crunch-pad.net      ,

-------- redacted for brevity --------


The script can be downloaded from https://gist.github.com/milo2012/1714d2952c09b96ba2d8777f1cbf9de1
