Skip to content

A tool to find subdomains or domains from passive sources.

License

Notifications You must be signed in to change notification settings

junnlikestea/vita

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Vita

release Build status

Vita is a tool to gather subdomains from passive sources much like tomnomnom's assetfinder.

Installation

Precompiled binaries for vita are available in the releases tab. Just pick your platform and extract the archive that contains the binary.

Building it yourself

If you want to build it yourself you will need to install Rust, you can get the official installation from the Rust website.

To build Vita:

$ git clone https://github.com/junnlikestea/vita
$ cd vita
$ cargo build --release
$ ./target/release/vita --version

Usage

With a single domain and collecting data from free sources

vita -d hackerone.com

By default the results will be unique, and will filter subdomains not related to your root domain, or domains if you choose to supply multiple.

Collecting data only on a specific subdomain

If you only want to collect results related to a specific subdomain you can use the --subs-only flag. This will cause vita to run on the actual domain and not the root domain. Results will be filtered to anything that ends with the input domain or domains.

vita -d api.hackerone.com --subs-only

With a list of domains from a file

vita -f path/to/domains.txt

With a list of domains from stdin

vita < /path/to/domains.txt

Outputting results as they're received

You can output results as they arrive as opposed to once all sources finish using the --flush flag. You might want to use this flag when you're running vita on a small vps without much memory. When this flag is active vita will not remove duplicates, so you may want to pipe it through something like sort -u.

vita -d hackerone.com --flush

Collecting data using paid sources

If you want to include sources which require API keys, add the -a or -all flag, for example:

vita -d hackerone.com -a

By default it will just ignore services you don't supply keys for.

Excluding sources

You can exclude sources with the -e flag

vita -d hackerone.com -e Wayback

If you would like some more verbose output you can use the -v flag. There are different levels of verbosity ranging from noisy to informational, most of the time I just use info. This is all printing to stderr, so it won't be captured in the results.

  • info: General information like how many results each source returned.
  • debug: Lots and lots of information about what's going on under the hood.
vita -d hackerone.com -v info

Common error - Too many open files

Vita uses async concurrent http requests under the hood. If you encounter an error similar to "Too many open files" it means that there isn't enough available file descriptors on your system. You can fix this by increasing the hard and soft limits. There are lots of different guides available to increase the limits but here is one for linux.

Sources

  • SonarSearch
  • C99
  • ProjectDiscovery Chaos
  • AnubisDB
  • Alienvault
  • Binaryedge
  • Certspotter
  • Crt.sh
  • Hackertarget
  • Threatcrowd
  • VirusTotal
  • Sublis3r
  • Security Trails
  • Spyse
  • Urlscan.io
  • Facebook
  • Threatminer
  • Wayback Machine
  • IntelligenceX
  • PassiveTotal

How to set your Api Keys

Add a .env file to the tool directory or add the following to your existing .env file:

  • Binaryedge:
    • Needs BINARYEDGE_TOKEN set
  • ProjectDiscovery Chaos
    • Needs CHAOS_KEY set
  • Facebook:
    • Needs FB_APP_ID and FB_APP_SECRET set.
  • Spyse:
    • Needs SPYSE_TOKEN set.
  • Security Trails:
    • Needs SECURITY_TRAILS_KEY set.
  • C99:
    • Needs C99_KEY set.
  • PassiveTotal:
    • Needs PASSIVETOTAL_KEY and PASSIVETOTAL_SECRET set
    • Can be found under the account settings page.
  • IntelligenceX:
    • Needs INTELX_KEY and INTELX_URL to be set
    • Can be found under the developer tab

If you hit rate limits or authentication fails, the source will just be ignored from the list of potential sources.

A note on tuning the concurrency

Currently Vita will limit the search for data to 200 root domains concurrently. If you would like to change that limit you can use the -c flag:

vita -f /path/to/roots.txt -c 400

Thanks

0xatul For constant feedback and improvement ideas.

dee-see For the contributions and neat issues!

TomNomNom For inspiring me to write and release open source tools.

Cgboal For SonarSearch which is a data source for Vita.

ProjectDiscovery For Chaos which is a great data source.

Thanks to all the data source providers, and everyone else I can't seem to remember at this point in time. I'll make sure to add you in the future.

To-do

  • Add more paid sources.
  • Write some documentation for the underlying library that Vita uses, and prepare publish to crates.io.
  • Clean up types and optimise performance further.

Disclaimer

Developers have/has no responsibility or authority over any kind of:

  • Legal or Law infringement by third parties and users.
  • Malicious use capable of causing damage to third parties.
  • Illegal or unlawful use of vita.