Bash Script for Subdomain Hunting

                                            Bash Script for Subdomain Hunting

Instructions:

Save the script into a file, e.g., subdomain_hunting.sh.

Make the script executable: chmod +x subdomain_hunting.sh.

Prepare a wordlist file (subdomains.txt) with a list of potential subdomains, one per line. There are numerous wordlists available online for this purpose.

Run the script, providing the target domain as an argument: ./subdomain_hunting.sh target_domain.com.

Keep in mind that this is a basic subdomain hunting script, and there are more advanced tools and techniques available for subdomain enumeration. 

Always use such scripts responsibly and with proper authorization. Additionally, some websites may have security measures to block automated enumeration, so be cautious and ensure you are not violating any terms of service or laws.

Code:

#!/bin/bash

# Usage: ./subdomain_hunting.sh target_domain.com

if [ $# -ne 1 ]; then

    echo "Usage: $0 target_domain.com"

    exit 1

fi

target_domain="$1"

wordlist="subdomains.txt"  # Update this with the path to your wordlist file

if [ ! -f "$wordlist" ]; then

    echo "Wordlist file not found: $wordlist"

    exit 1

fi

echo "Starting subdomain enumeration for $target_domain..."

# Loop through each word in the wordlist

while IFS= read -r subdomain; do

    full_domain="${subdomain}.${target_domain}"

    status_code=$(curl -o /dev/null -s -w "%{http_code}" "http://${full_domain}")

    if [ "$status_code" -eq 200 ]; then

        echo "Subdomain found: ${full_domain}"

    fi

done < "$wordlist"

echo "Subdomain enumeration completed."