Flora is a command-line tool designed to enumerate subdomains for a given domain and identify potential subdomain takeovers. The tool supports multiple modes of operation, including discovery and takeover, and offers several options for customizing the scanning process.
- Subdomain discovery using a variety of methods, including brute force, Shodan, VirusTotal, and SecurityTrails.
- Subdomain takeover identification.
- Customizable wordlists for brute force.
- Verbose mode for detailed output.
- Multi-threaded brute force.
- Option to output results to a file.
- Fingerprinting to identify subdomains.
- Support for Assetfinder for subdomain enumeration.
- curl
- jq
- nmap
- assetfinder
- dnstracer
git clone https://github.com/blue0x1/Flora/
change the directory to Flora
cd Flora
change permissions
chmod +x flora
run it against target
./flora -d <target>
(optional: run it from anywhere)
sudo cp flora /bin/
The basic usage of Flora is as follows:
flora -d <domain> [-m <mode>] [-w <wordlist>] [-v] [-s <shodan_api_key>] [-k <virustotal_api_key>] [-o <output_file>] [-X <securitytrails_api_key>] [-f] [-a]
-d: The domain to scan.
-m: The mode of operation (discovery or takeover, default: discovery).
-w: The wordlist file to use for subdomain brute force (optional).
-v: Verbose mode for detailed output.
-t: The number of threads to use for subdomain brute force (default: 50).
-s: The Shodan API key (optional, use Shodan for subdomain enumeration).
-k: The VirusTotal API key (optional, use VirusTotal for subdomain enumeration).
-o: The output file path (optional, will output to console if not specified).
-f: Use fingerprinting to identify subdomains (default: false).
-a: Use Assetfinder for subdomain enumeration.
-X: The SecurityTrails API key (optional, use SecurityTrails for subdomain enumeration).
Note: It is recommended to obtain API keys for Shodan, VirusTotal, and SecurityTrails to increase the accuracy of subdomain enumeration.