Skip to content
/ frogy Public
forked from iamthefrogy/frogy

Subdomain enumeration script. It's unique in the way it is built upon. Version for macOS.

License

Notifications You must be signed in to change notification settings

nekkitl/frogy

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

frogy

Made from 🇮🇳, forked by 🇷🇺 with ❤️

My goal is to create an open-source Attack Surface Management solution and make it capable to find all the IPs, domains, subdomains, live websites, login portals for one company.

Original text from src-git


Why was the project forked?

Yo, I'm Nick, and I was disappointed by the lack of support for macOS. We all know that many programs, for various reasons, can be built and run fine on the Mac. Basically, this project was released for Deb-based OS, but one night I rewrote and reworked the project for full Mac compatibility.

And i think that we need faster method to provide information to frogy. See usage for details.

glhf, bruh 👽


How it can help a large company (Some usecases):

  • Vulnerability management team: Can use the result to feed into their known and unknown assets database to increase their vulnerability scanning coverage.
  • Threat intel team: Can use the result to feed into their intel DB to prioritize proactive monitoring for critical assets.
  • Asset inventory team: Can use the result to keep their asset inventory database up-to-date by adding new unknown assets facing Internet and finding contact information for the assets inside your organization.
  • SOC team: Can use the result to identify what all assets they are monitoring vs. not monitoring and then increase their coverage slowly.
  • Patch management team: Many large organizations are unaware of their legacy, abandoned assets facing the Internet; they can utilize this result to identify what assets need to be taken offline if they are not being used.

It has multiple use cases depending your organization's processes and technology landscpae.

Logic:

Frogy

Features:

  • 🐸 Horizontal subdomain enumeration
  • 🐸 Vertical subdomain enumeration
  • 🐸 Resolving subdomains to IP
  • 🐸 Identifying live web applications
  • 🐸 Identifying all the contextual properties of the web application such as title, content lenght, server, IP, cname, etc. (through httpx tool)
  • 🐱 Added arguments for script

Installation:

git clone https://github.com/nekkitl/frogy.git && cd frogy && chmod +x install.sh && bash install.sh

Usage:

./frogy.sh [root-domain] [organisation name] [CHAOS dataset]
        -h | Root-domain is: "example.com"
           | Organisation is: "Internet Assigned Numbers Authority" : can be skipped.
           | Is this program is in the CHAOS dataset? ["y"/"n"] : default NO

./frogy.sh "example.com" "Internet Assigned Numbers Authority"
           | or
./frogy.sh example.com

Demo:


Frogy

Output:

Output file will be saved inside the output/<company_name>/outut.csv folder. Where company_name is any company name which you give as an input to Organization Name at the start of the script.


A very warm thanks to the authors of the tools used in this script.

Initial repo created - A few weeks back below date.

  • Date - 4 March 2019, Open-sourced
  • Date - 19 March 2021, Major changes
  • Date - 30 July 2023, forked for macOS

Logo credit - www.designevo.com


Additional:

Viewers

nekkitl a.k.a. Nick Ognev, 2023q3

More for macOS:

ReadMe Card

About

Subdomain enumeration script. It's unique in the way it is built upon. Version for macOS.

Topics

Resources

License

Stars

Watchers

Forks

Languages

  • Shell 94.3%
  • Python 5.7%