Lepus Tool
Lepus is a tool for enumerating subdomains, checking for subdomain takeovers and perform port scans - and boy, is it fast!
Summary
Enumeration modes
The enumeration modes are different ways lepus uses to identify sudomains for a given domain. These modes are:
Collectors
The Collectors mode collects subdomains from the following services:
Service | API Required |
---|---|
Censys | Yes |
CertSpotter | No |
CRT | No |
DNSTrails | Yes |
FOFA | Yes |
Google Transparency | No |
HackerTarget | No |
PassiveTotal | Yes |
Project Discovery Chaos | Yes |
Project Crobat | No |
Project Sonar | No |
Riddler | Yes |
Shodan | Yes |
Spyse | Yes |
ThreatCrowd | No |
ThreatMiner | No |
VirusTotal | Yes |
Wayback Machine | No |
ZoomEye | Yes |
You can add your API keys in the config.ini
file.
Subdomain Takeover
Lepus has a list of signatures in order to identify if a domain can be taken over. You can use it by providing the --takeover
argument. This module also supports Slack notifications, once a potential takeover has been identified, by adding a Slack token in the config.ini
file. The checks are made against the following services:
- Acquia
- Activecampaign
- Aftership
- Aha!
- Airee
- Amazon AWS/S3
- Apigee
- Azure
- Bigcartel
- Bitbucket
- Brightcove
- Campaign Monitor
- Cargo Collective
- Desk
- Feedpress
- Fly.io
- Getresponse
- Ghost.io
- Github
- Hatena
- Helpjuice
- Helpscout
- Heroku
- Instapage
- Intercom
- JetBrains
- Kajabi
- Kayako
- Launchrock
- Mashery
- Maxcdn
- Moosend
- Ning
- Pantheon
- Pingdom
- Readme.io
- Simplebooklet
- Smugmug
- Statuspage
- Strikingly
- Surge.sh
- Surveygizmo
- Tave
- Teamwork
- Thinkific
- Tictail
- Tilda
- Tumblr
- Uptime Robot
- UserVoice
- Vend
- Webflow
- Wishpond
- Wordpress
- Zendesk