crt.sh -> httprobe -> EyeWitness Automated domain screenshotting

Put together a bash one-liner that:

• Passively collects a list of subdomains from certificate associations (crt.sh)

• Actively requests each subdomain to verify it's existence (httprobe)

• Actively screenshots each subdomain for manual review (EyeWitness)

Usage:

domain=DOMAIN_COM;rand=$RANDOM;curl -fsSL "https://crt.sh/?q=${domain}" | pup 'td text{}' | grep "${domain}" | sort -n | uniq | httprobe > /tmp/enum_tmp_${rand}.txt; python3 /usr/share/eyewitness/EyeWitness.py -f /tmp/enum_tmp_${rand}.txt --web

Note: must have httprobe, pup and EyeWitness installed and change 'DOMAIN_COM' to the target domain. You are able to run this script concurrently in terminal windows if you have multiple target root domains