/***
*
* Subdomain Scanner by precedenceDemon
* New Zealand hacker
* Email: tickme [at] mail [d0t] ru
*
***/
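/*
 * Platform selection.
 *
 * WIN32 is defined only when the compiler reports a Windows target. The
 * original defined it unconditionally, which selected the Winsock headers and
 * the backslash separator on every platform and broke non-Windows builds.
 * The rest of the file tests `WIN32` to choose between Winsock and the
 * BSD socket headers.
 */
#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(WIN32)
#define WIN32
#endif

/* Path separator used to strip the directory part from argv[0]. */
#if defined(macintosh)
#define DIRECTORY_SEPARATOR_CHAR ':'
#define DIRECTORY_SEPARATOR_STRING ":"
#elif defined(_WIN32) || defined(_WIN32_WCE) || defined(__DOS__) || defined(WIN32)
#define DIRECTORY_SEPARATOR_CHAR '\\'
#define DIRECTORY_SEPARATOR_STRING "\\"
#else
#define DIRECTORY_SEPARATOR_CHAR '/'
#define DIRECTORY_SEPARATOR_STRING "/"
#endif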
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WIN32
#pragma comment(lib, "ws2_32.lib")
#include <winsock2.h>
#else
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
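/*
 * Resolve each "<label>.<domain>" built from a fixed list of candidate
 * labels and print the ones that return an IPv4 address.
 *
 * argv[1] is the parent domain (without scheme or "www."). Returns 0 after a
 * completed run, 1 on a usage error, an over-long domain, or a failed
 * WSAStartup().
 *
 * Each candidate is one forward lookup through the system resolver, so a run
 * appears in resolver logs as a burst of queries for dictionary labels under
 * a single parent domain, most of them answered with "no such name". If the
 * parent domain has a wildcard record, every candidate resolves and the list
 * of hits says nothing about which hosts really exist.
 *
 * gethostbyname() is IPv4-oriented and obsolete in POSIX; getaddrinfo() is
 * the replacement, but it needs headers this file does not include.
 */
int main(int argc, char *argv[]){
    /*
     * Candidate labels, in the original order. Duplicates ("shop", "support",
     * "device") are kept, so a resolving duplicate is reported twice as before.
     * The two entries containing asterisks appear masked in the source page
     * and are kept verbatim; '*' is not a valid hostname character, so those
     * lookups are expected to fail.
     */
    static const char *const subdomains[] = {
        "a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z",
        "lan","phpmyadmin","administrator","mape","isp","shop","rex","podcast","potraga","sensation","igre","foo",
        "api","access","ulaz","pam","sport","pretraga","pricaonica","kuvar","raketa","wwwmobile","s1","s2","foro",
        "s3","box","open","abc","phpbb3","phpbb2","internet","phpbb","whm","mysql","webadmin","adm","admin",
        "admins","agent","aix","recnik","alerts","av","antivirus","app","apps","appserver","archive","as400",
        "auto","backup","banking","bbdd","bbs","bea","beta","blog","catalog","cgi","channel","channels","chat",
        "cisco","client","clients","club","cluster","clusters","code","commerce","community","compaq","conole",
        "consumer","contact","contracts","corporate","ceo","cso","cust","customer","cpanel","data","bd","db2",
        "default","demo","cms","design","desktop","dev","develop","developer","device","dial","digital","dir",
        "directory","disc","discovery","disk","dns","dns1","dns2","dns3","docs","poslovi","prijemni","znanje",
        "mojtim","documents","domain","domains","dominoweb","download","downloads","ecommerce","e-commerce","edi",
        "edu","education","email","enable","engine","engineer","enterprise","slike","galerija","error","event",
        "events","example","exchange","extern","external","extranet","fax","field","finance","firewall","forum",
        "forums","fsp","ftp","ftp2","fw","fw1","gallery","galleries","games","gateway","gopher","guest","gw",
        "hello","helloworld","help","helpdesk","arkiva","lajme","faqe","helponline","hp","ibm","ibmdb","ids",
        "ILMI","film","navigator","nalog","prodavnica","zdravlje","reklamiranje","zivot","images","imap","pomoc",
        "imap4","img","imgs","info","intern","internal","intranet","invalid","iphone","ipsec","irc","ircserver",
        "jobs","ldap","link","linux","lists","listserver","local","localhost","log","logs","login","lotus","mail",
        "mailboxes","mailhost","result","management","manage","manager","map","maps","marketing","device","media",
        "member","members","messenger","mngt","mobile","monitor","multimedia","music","my","names","lojra",
        "albania","bisedo","puka","foto","emra","njohje","vip","egea-tirana","historia","forumi","vesti",
        "administracija","net","new1","new","perkohesisht","netdata","netstats","network","news","nms","nntp",
        "ns","ns1","ns2","ns3","ntp","online","openview","oracle","outlook","page","pages","partner","partners",
        "pda","personal","ph","pictures","pix","pop","pop3","portal","press","print","printer","private",
        "project","projects","proxy","public","ra","radio","raptor","ras","read","register","remote","report",
        "reports","root","router","lister","rwhois","sac","schedules","scotty","search","secret","secure",
        "security","seri","serv","serv2","server","service","services","shop","shopping","site","sms","smtp",
        "smtphost","snmp","snmpd","snort","solaris","1","2","3","4","5","6","7","8","9","0","solutions","support",
        "source","sql","ssl","stats","store","stream","streaming","sun","support","switch","sysback","system",
        "tech","terminal","test","testing","testing123","time","tivoli","training","transfers","uddi","update",
        "upload","uploads","video","vpn","w1","w2","w3","wais","wap","web","webdocs","w****b","w****gic",
        "webmail","webserver","webservices","websphere","whois","wireless","work","world","write","ws","ws1",
        "ws2","ws3","www1","www2","www3","www4","www5","www6","www7","www8","www9","drupal","wordpress","joomla",
        "db","database","love"
    };
    const size_t candidateCount = sizeof(subdomains) / sizeof(subdomains[0]);
    char buffer[256];
    size_t index;
    int found = 0;
    const char *programName = "scanner";
    const char *lastSeparator;
    struct hostent *h;
#ifdef WIN32
    WSADATA wsaData;
#endif

    /*
     * Strip the directory part of argv[0] for the usage text. strrchr()
     * returns NULL when the program was started without a path component;
     * the original then printed from NULL + 1.
     */
    if (argc > 0 && argv[0] != NULL) {
        lastSeparator = strrchr(argv[0], DIRECTORY_SEPARATOR_CHAR);
        programName = (lastSeparator != NULL) ? lastSeparator + 1 : argv[0];
    }

    puts("\n");
    printf("+++++++++++++++++++++++++++++++++\n");
    printf("| |\n");
    printf("| Subdomain scanner |\n");
    printf("| By |\n");
    printf("| precedenceDemon |\n");
    printf("| |\n");
    printf("+++++++++++++++++++++++++++++++++\n");
    puts("\n");

    if (argc != 2) {
        printf("[+] Usage: %s domain\n", programName);
        printf("[+] Enter domain without http:// & www.\n");
        printf("[+] Example: %s google.com\n", programName);
        getchar(); /* keeps a double-clicked console window open */
        return 1;
    }

    /* Upper bound that keeps "<label>.<domain>" inside buffer. */
    if (strlen(argv[1]) > 150) {
        printf("[-] ERROR: Domain is too long!\n");
        return 1;
    }

    printf("[+] Scanning: %s\n\n", argv[1]);

#ifdef WIN32
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
        fprintf(stderr, "[-] WSAStartup failed.\n");
        return 1;
    }
#endif

    for (index = 0; index < candidateCount; index++) {
        struct in_addr address;
        int written;

        /* Bounded formatting; a truncated name is skipped, never resolved. */
        written = snprintf(buffer, sizeof(buffer), "%s.%s", subdomains[index], argv[1]);
        if (written < 0 || (size_t)written >= sizeof(buffer)) {
            continue;
        }

        h = gethostbyname(buffer);
        if (h == NULL) {
            continue;
        }

        /*
         * Only read the answer as an IPv4 address when the resolver says it
         * is one and at least one address is present.
         */
        if (h->h_addrtype != AF_INET || h->h_addr_list[0] == NULL
                || (size_t)h->h_length < sizeof(address)) {
            continue;
        }
        memcpy(&address, h->h_addr_list[0], sizeof(address));

        found++;
        printf("[%d] %s SERVER IP: %s\n", found, buffer, inet_ntoa(address));
    }

    printf("\n[+] %d subdomains were found on %s\n\n", found, argv[1]);

#ifdef WIN32
    WSACleanup();
#endif
    return 0;
}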