BOOK THIS SPACE FOR AD
ARTICLE ADSet up an automated system to monitor and alert for newly discovered subdomains.
notifyhaktrailssubfinderanewWe will use haktrails and subfinder for subdomain enumeration. You can also use other tools of your choice such as owasp-amass. Additionally, we will use notify to send notifications. notify can be configured to send results to various platforms including Slack, Discord, Telegram, Google Chat, Pushover, SMTP, and custom webhooks.
To use haktrails, you’ll need to set up your config file containing your SecurityTrails API key.
It will give error that Only business email addresses are allowed, but you can simply use the temp mail and it will work.
subfinder can be used immediately after installation, but many sources require API keys to work. To maximize output, you should register for API keys; many providers offer a free version with certain limitations.
Reference: https://docs.projectdiscovery.io/tools/subfinder/install#post-install-configuration
To send the results using the notify tool, we must add the webhooks to the config file. You can find an example config file here.
Before running the automation, make sure to first gather the existing subdomains and save them to a file. This way, when you run the final script, you will only receive notifications for any newly discovered domains. If you skip this step, you will be flooded with notifications for hundreds or thousands of subdomains.
Here’s the command you can run to gather the existing subdomains.
To receive notifications for the newly discovered subdomain, we can use the following simple script.
For Linux, here is the bash script.
domain="target.com"
file_name="path/to/all-subdomains.txt"
subfinder -d $domain -silent -nc -all | tr '[:upper:]' '[:lower:]' | anew $file_name | notify -bulk -silent -provider discord
echo $domain | haktrails subdomains | tr '[:upper:]' '[:lower:]' | anew $file_name | notify -bulk -silent -provider discord
For Windows, here is the Powershell script.
$domain = "target.com"$file_name = "path\to\all-subdomains.txt"
subfinder -d $domain -silent -nc -all | ForEach-Object { $_.ToLower() } | anew $file_name | notify -bulk -silent -provider discord
echo $domain | haktrails subdomains | ForEach-Object { $_.ToLower() } | anew $file_name | notify -bulk -silent -provider discord
To find subdomains, use the commands subfinder -d $domain -silent -nc -all or echo $domain | haktrails subdomains. Then, use tr '[:upper:]' '[:lower:]' or ForEach-Object { $_.ToLower() } to convert the piped input to lowercase because domain names are case insensitive. This step is important as anew will treat different case text as different and we want to avoid duplicate results.
To append all new lines to a file that are not present in file, use the command anew $file_name.
Finally, to send the results to Discord, use the command notify -bulk -silent -provider discord. You can use any provider of your choice.
Now that we have our script, we want to automatically run this script at certain intervals to continuously monitor the newly discovered subdomains. There are multiple ways to achieve this.
In Windows, you can create a scheduled task to automatically run a PowerShell script at specific times or intervals. You can use the following PowerShell command to create a scheduled task:
Save the PowerShell script as monitor.ps1.$taskTrigger = New-ScheduledTaskTrigger -Weekly -At 12:00AM -DaysOfWeek Sunday$Action = New-ScheduledTaskAction -Execute "C:\Program Files\PowerShell\7\pwsh.exe" -Argument "path\to\monitor.ps1"
Register-ScheduledTask -TaskName "Subdomain Monitoring" -Trigger $taskTrigger -Action $Action
Basic Crontab Syntax
MIN HOUR DOM MON DOW CMDMIN for minutes (0–59).HOUR for hours (0–23).DOM for day of the month (1–31).MON for month (1–12 or JAN — DEC).DOW for day of the week (0–7 or SUN — SAT).CMD command.Examples:
Every Minute
* * * * * /path/to/scriptEvery Day at Midnight
0 0 * * * /path/to/scriptEvery 1st of the Month
0 0 1 * * /path/to/scriptEvery Sunday at Midnight
0 0 * * 7 /path/to/scriptEvery Weekday at 4 AM
0 4 * * 1-5 /path/to/scriptAt 4 AM on Tuesdays and Thursdays
0 4 * * 2,4 /path/to/scriptEvery 20 Minutes — Multiple Scripts
*/20 * * * * /path/to/script1; /path/to/script2Cron job syntax
Crontabs use the following flags for adding and listing cron jobs.
crontab -eedits crontab entries to add, delete, or edit cron jobs.crontab -llist all the cron jobs for the current user.Reference:
https://www.freecodecamp.org/news/cron-jobs-in-linux/https://phoenixnap.com/kb/set-up-cron-job-linuxYou can also use an infinite loop with a sleep command to run the script at specific intervals.
Bash:
while :do
./monitor.sh # Your script logic here
sleep 3600 # Wait for 1 hour
done
PowerShell:
while ($true) {# Your script logic here
Start-Sleep -Seconds (4 * 24 * 60 * 60) # Wait for 4 days
}
Happy Hacking