TLD enum Script
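Checks a target domain name against a built-in list of TLDs and saves the domains that resolve to a results.txt file. A domain counts as valid when a DNS query for its A record returns an answer. Useful for bug bounties and web-app pentest enumeration.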
import dns.resolver
# ANSI SGR escape sequences used to colour console output; RESET restores
# the terminal's default attributes after a coloured message.
GREEN, RED, RESET = "\033[32m", "\033[31m", "\033[0m"
# Function to check if a domain exists
def check_domain(domain, valid_domains):
    """Query the A record of *domain* and print the outcome.

    A name whose query returns an answer is appended to *valid_domains*,
    which is mutated in place. Every dnspython resolution error is reported
    in red and the name is left out of the list; none of those errors is
    re-raised.

    Args:
        domain: Domain name to resolve.
        valid_domains: List collecting the names that resolved.

    NOTE(review): "exists" here means "an A query was answered". A name
    that is registered but has no A record is not matched by a dedicated
    handler and lands in the generic error branch, and a zone with a
    wildcard record answers for any label, so treat a hit as a hint to be
    confirmed rather than as proof of registration.
    """
    try:
        dns.resolver.resolve(domain, 'A')
    except dns.resolver.NXDOMAIN:
        outcome = f"{RED}Domain {domain} does not exist.{RESET}"
    except dns.resolver.NoNameservers:
        outcome = f"{RED}Failed to resolve nameservers for domain {domain}.{RESET}"
    # dns.exception is not imported explicitly by this file; it is reachable
    # here because importing dns.resolver loads it as a side effect.
    except dns.exception.Timeout:
        outcome = f"{RED}Timed out while resolving domain {domain}.{RESET}"
    except dns.exception.DNSException:
        # Catch-all for the remaining dnspython errors; must stay last.
        outcome = f"{RED}An error occurred while resolving domain {domain}.{RESET}"
    else:
        valid_domains.append(domain)
        outcome = f"{GREEN}Domain {domain} exists.{RESET}"
    print(outcome)
# Function to enumerate possible domains
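def enumerate_domains(target_domain):
    """Check *target_domain* and its variants under other TLDs via DNS.

    The last label of the input is treated as the TLD and everything before
    it as the base name. The target itself is checked first, then the base
    name under every entry of the built-in TLD list. Names that resolve are
    written one per line to ``results.txt`` in the current working
    directory, overwriting any existing file.

    Args:
        target_domain: Name such as ``example.com`` or ``sub.example.com``.
            Surrounding whitespace and a trailing root dot are ignored.

    Returns:
        None. Progress is printed; an invalid name prints a message and
        returns without writing the file.

    NOTE(review): only the final label is swapped, so a name under a
    multi-label suffix (``example.co.uk``) is enumerated as
    ``example.co.<tld>``; handling that correctly needs a public-suffix
    list, which this script does not have. The TLD list is fixed and does
    not cover newer generic TLDs.
    """
    # Normalise first: DNS names are case-insensitive and a trailing dot
    # only marks the root, so neither should produce an empty or odd label.
    target_domain = target_domain.strip().rstrip('.').lower()
    parts = target_domain.split('.')
    if len(parts) < 2 or not all(parts):
        print("Invalid target domain format. Please enter a domain in the format 'subdomain.domain.tld'.")
        return

    # Keep every label before the TLD. Using only the first label would turn
    # "sub.example.com" into "sub.<tld>", which is an unrelated name.
    base_name = '.'.join(parts[:-1])
    original_tld = parts[-1]

    # Legacy generic TLDs followed by two-letter country-code TLDs.
    tlds = ('com', 'net', 'org', 'info', 'biz', 'edu', 'gov', 'int', 'mil',
            'aero', 'asia', 'cat', 'coop', 'jobs', 'mobi', 'museum', 'name',
            'pro', 'tel', 'travel', 'ac', 'ad', 'ae', 'af', 'ag', 'ai', 'al',
            'am', 'ao', 'aq', 'ar', 'as', 'at', 'au', 'aw', 'ax', 'az', 'ba',
            'bb', 'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'bj', 'bm', 'bn', 'bo',
            'bq', 'br', 'bs', 'bt', 'bv', 'bw', 'by', 'bz', 'ca', 'cc', 'cd',
            'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'cm', 'cn', 'co', 'cr', 'cu',
            'cv', 'cw', 'cx', 'cy', 'cz', 'de', 'dj', 'dk', 'dm', 'do', 'dz',
            'ec', 'ee', 'eg', 'er', 'es', 'et', 'eu', 'fi', 'fj', 'fk', 'fm',
            'fo', 'fr', 'ga', 'gb', 'gd', 'ge', 'gf', 'gg', 'gh', 'gi', 'gl',
            'gm', 'gn', 'gp', 'gq', 'gr', 'gs', 'gt', 'gu', 'gw', 'gy', 'hk',
            'hm', 'hn', 'hr', 'ht', 'hu', 'id', 'ie', 'il', 'im', 'in', 'io',
            'iq', 'ir', 'is', 'it', 'je', 'jm', 'jo', 'jp', 'ke', 'kg', 'kh',
            'ki', 'km', 'kn', 'kp', 'kr', 'kw', 'ky', 'kz', 'la', 'lb', 'lc',
            'li', 'lk', 'lr', 'ls', 'lt', 'lu', 'lv', 'ly', 'ma', 'mc', 'md',
            'me', 'mf', 'mg', 'mh', 'mk', 'ml', 'mm', 'mn', 'mo', 'mp', 'mq',
            'mr', 'ms', 'mt', 'mu', 'mv', 'mw', 'mx', 'my', 'mz', 'na', 'nc',
            'ne', 'nf', 'ng', 'ni', 'nl', 'no', 'np', 'nr', 'nu', 'nz', 'om',
            'pa', 'pe', 'pf', 'pg', 'ph', 'pk', 'pl', 'pm', 'pn', 'pr', 'ps',
            'pt', 'pw', 'py', 'qa', 're', 'ro', 'rs', 'ru', 'rw', 'sa', 'sb',
            'sc', 'sd', 'se', 'sg', 'sh', 'si', 'sj', 'sk', 'sl', 'sm', 'sn',
            'so', 'sr', 'ss', 'st', 'su', 'sv', 'sx', 'sy', 'sz', 'tc', 'td',
            'tf', 'tg', 'th', 'tj', 'tk', 'tl', 'tm', 'tn', 'to', 'tp', 'tr',
            'tt', 'tv', 'tw', 'tz', 'ua', 'ug', 'uk', 'us', 'uy', 'uz', 'va',
            'vc', 've', 'vg', 'vi', 'vn', 'vu', 'wf', 'ws', 'ye', 'yt', 'za',
            'zm', 'zw')

    # The target itself is checked first so it heads the results file.
    valid_domains = []
    check_domain(target_domain, valid_domains)

    for candidate_tld in tlds:
        # The target's own TLD was just checked; repeating it would cost a
        # second query and put a duplicate line in results.txt.
        if candidate_tld == original_tld:
            continue
        check_domain(f"{base_name}.{candidate_tld}", valid_domains)

    # Mode "w" replaces the output of any earlier run.
    with open("results.txt", "w", encoding="utf-8") as f:
        f.writelines(name + "\n" for name in valid_domains)
    print("Valid domains saved to 'results.txt'.")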
# Main function
def main():
    """Prompt for a target domain on stdin and run the TLD enumeration on it."""
    enumerate_domains(input("Enter target domain: "))
# Start the interactive prompt only when the file is run as a script, so
# importing it as a module triggers no DNS queries and writes no file.
if __name__ == "__main__":
    main()