domainia
Domainia Scanner is an automated Open-source Intelligence (OSINT) tool that enumerates subdomains, all DNS records, IP addresses, related domains/subdomains, certificate details, site info, HTTP status, name servers (NS), domain whois, and etc. of a single domain or a list of domains by using the passive and active reconnaissance techniques.
❤ Support Domainia: 
How to Use
If you look for the changelog history, you can find it here.
1. Installation
1.1. Installation Through PyPi
If you would like to install it as a Python package, run the following command.
pip install Domainia
# or
python -m pip install Domainia
1.2. Installation form the Source
First, clone the package from Github.
git clone https://github.com/namnamir/domainia.git
Then, by running the following command, install all required dependencies for the current user.
pip install -r requirements.txt --user
# or
python -m pip install -r requirements.txt --user
2. Add API Keys
Modify the file api_keys.py and add the API keys of the mentioned tools.
3. Check the Configuration File
Open the file config.py and modify it if needed. For each section of it, there is an explanation as the comment.
There are many options can be modified in the config file. Here are a list of the options:
date_formatto set the data and time formatscan_typeto set the scan typedns_recordsto set which DNS records should be enumeratedinclude_txt_recordsto set which TXT records should be written in the output filedns_serversto set the DNS serversdelimiterto set the delimiters for each data to be written into the CSV filewhoisto set which Whois detail should be written into the CSV filesslto set which SSL detail should be written into the CSV fileapito modify details of the APIs including the data/time format
4. Run the Script
The script can be run in 2 modes, loading the list of domains from a file or from the command.
-h, --help
Show this help message and exit
-f FILE, --file FILE
Path to the list of domain names, e.g. domains.txt
-d DOMAIN, --domain DOMAIN
The comma separated list of domains
-w WHOIS, --whois WHOIS
Whois API; default "whoisxml".
Possible options: "whoisxml" and "whoxy"
-t TYPE, --type TYPE
Type of the scan. If it is set, it will ignore the config file value for the scan type.
Possible options: "quick" and "deep"
-o OUTPUT, --output OUTPUT
The name of the output CSV file, e.g. results.csv
5. Results (CSV)
Result of the scan would be saved in a CSV file. You can manage the path of the output file by the argument -o or --output.
6. JSON Format
[
"example.com": {
"DNS": [
{
"record": "A",
"value": "1.2.3.4",
},
],
"related_ip" : [
{
"name": "1.2.3.4",
"version": "IPv4",
"whois": {},
"listed": [],
"technologies" : [],
"ports": [],
"reverse_dns": [],
"vulnerabilities": [],
},
],
"related_domains" : [
{
"name": "site.tld",
"whois": {},
"listed": [],
"technologies" : [],
"ports": [],
"vulnerabilities": [],
"http_headers": [],
"html_meta": [],
"subdomains": [],
"related_domains": []
},
],
"html": {
"meta": [
{
"name": "",
"value": "",
}
],
"redirects": [],
"status_code": 200,
"title": "",
"analytics": [
{
"name": "Google",
"value": "UA-123"
}
]
},
"http_headers": [
{
"name": "",
"value": "",
}
],
"whois": {},
"listed": [],
}
]
⚖️ Copyright Domainia tool is released under copy left; there is no right. Just kidding, it is under MIT license; read more about it on the LICENSE page.
⚠️ Disclaimer Domainia tool is tool for legitimate purposes. Do not use it in any illegitimate or illegal activities.