Lepus Tool
Lepus is a tool for enumerating subdomains, checking for subdomain takeovers and perform port scans - and boy, is it fast!
Summary
Enumeration modes
The enumeration modes are different ways lepus uses to identify sudomains for a given domain. These modes are:
Collectors
The Collectors mode collects subdomains from the following services:
| Service | API Required |
|---|---|
| Censys | Yes |
| CertSpotter | No |
| CRT | No |
| DNSTrails | Yes |
| FOFA | Yes |
| Google Transparency | No |
| HackerTarget | No |
| PassiveTotal | Yes |
| Project Discovery Chaos | Yes |
| Project Crobat | No |
| Project Sonar | No |
| Riddler | Yes |
| Shodan | Yes |
| Spyse | Yes |
| ThreatCrowd | No |
| ThreatMiner | No |
| VirusTotal | Yes |
| Wayback Machine | No |
| ZoomEye | Yes |
You can add your API keys in the config.ini file.
Subdomain Takeover
Lepus has a list of signatures in order to identify if a domain can be taken over. You can use it by providing the --takeover argument. This module also supports Slack notifications, once a potential takeover has been identified, by adding a Slack token in the config.ini file. The checks are made against the following services:
- Acquia
- Activecampaign
- Aftership
- Aha!
- Airee
- Amazon AWS/S3
- Apigee
- Azure
- Bigcartel
- Bitbucket
- Brightcove
- Campaign Monitor
- Cargo Collective
- Desk
- Feedpress
- Fly.io
- Getresponse
- Ghost.io
- Github
- Hatena
- Helpjuice
- Helpscout
- Heroku
- Instapage
- Intercom
- JetBrains
- Kajabi
- Kayako
- Launchrock
- Mashery
- Maxcdn
- Moosend
- Ning
- Pantheon
- Pingdom
- Readme.io
- Simplebooklet
- Smugmug
- Statuspage
- Strikingly
- Surge.sh
- Surveygizmo
- Tave
- Teamwork
- Thinkific
- Tictail
- Tilda
- Tumblr
- Uptime Robot
- UserVoice
- Vend
- Webflow
- Wishpond
- Wordpress
- Zendesk