When you are fuzzing a subdomain, You may find admin panels or even sensitive files. Let’s say you find a .git directory during directory fuzzing, You can download the source code of the application using this git dumper tool https://github.com/arthaud/git-dumper. This source code may contain credentials. You can find many articles related to this issue online.

Before even starting, we need to check if the domain is alive or not, Because large number of requests to a dead domain is just a waste of time. Let’s write a script to check for the domain we want to test.

Code:

Save this code as whatever.py, this script send requests to both port 80 and 443 to check the domain status. Using this script you are only going to hit robots.txt endpoint. Let’s focus to robots.txt, other than this endpoints will be just too large in size. Also, This is only used to fill up except blocks. Isdomainlive function return the list of domains with respective scheme if they are available, otherwise return False.

Code:

As seen in Line 4, you will download the directory wordlist from the dirsearch Github repository. The first will be to check whether the Domain is live or not. If the Domain is live, then fuzzing will start. Otherwise, it will just go to the next subdomain. The whole process takes a while because of the number of domains and subdomains. If you want to run this script in the behind the scene, you can use screen.

Happy Hunting !!