Merge pull request #26 from unstabl3/patch-3

Patch 3

README.md

@@ -56,6 +56,12 @@ A few features like port scanning might not be working in the current build and
 
 ``targetfile`` contains list of domains to perform Recon. For example: `targettest.com`
 
+### Exclude out-of-scope subdomains
+
+Bheem has a flag to remove out-of-scope subdomains from the scan. To do so you have to use "-e" flag with comma separated subdomains.
+
+``Bheem -t targetfile -S -e sub.ex.com,sub1.ex.com``
+
 # Side Notes
 
 1. If you don't want to use specific module, just comment it out and it won't be used anymore.

arsenal/Bheem.sh

@@ -60,10 +60,12 @@ large_recon(){
 
 }
 
-while getopts ":t:SMLh" opt; do
+while getopts ":t:eSMLh" opt; do
 	case ${opt} in
 		t ) target=$OPTARG
 		    ;;
+		e ) exclude=$OPTARG
+		    ;;
 		S ) small_recon
 		    ;;
 		M ) medium_recon
@@ -72,6 +74,7 @@ while getopts ":t:SMLh" opt; do
 		    ;;
 		\? | h ) echo "Usage  :";
 			 echo "         -t	List of target";
+			 echo "		-e	Exclude target.(eg: sub1.ex.com,sub2.ex.com)";
 			 echo "         -S	Perform Small Recon";
 			 echo "         -M	Perform Medium Recon";
 			 echo "         -L	Perform Large Recon";

arsenal/subdomain.sh

@@ -6,5 +6,14 @@ mkdir -p $dir
 subfinder -d $1 > $dir/$1_unfilter_subdomains;
 assetfinder --subs-only $1 >> $dir/$1_unfilter_subdomains;
 #amass enum -d $1 >> $dir/$1_unfilter_subdomains;
-cat $dir/$1_unfilter_subdomains | sort -u > $dir/$1_subdomains;
 
+if [ -z "$exclude" ]
+then
+  cat $dir/$1_unfilter_subdomains | sort -u > $dir/$1_subdomains;
+else
+  echo -e "\e[92m[~] Excluding domains..\e[00m"
+  echo "${exclude[*]}" | cut -d',' --output-delimiter=$'\n' -f1- | tee -a $dir/"$1"_excluded.txt
+  cat $dir/"$1"_unfilter_subdomains | sort -u | grep "\.$1" > $dir/tmp_Bunique.txt
+  grep -vFf $dir/"$1"_excluded.txt $dir/tmp_Bunique.txt > $dir/$1_subdomains
+  rm $dir/tmp_Bunique.txt
+fi