Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a reconnaissance tool designed for quick network analysis of organizations. It provides insights into an organization's structure through methods such as OSINT, brute-forcing, and DNS resolution. Key features include subdomain enumeration using multiple engines, user-friendly output, and basic TCP port scanning. The tool also performs A record resolution, reverse DNS lookups, and virtual hostname enumeration. It can detect wildcard subdomains, export results in JSON format, and allows for customization of port scanning ranges and DNS server addresses. Domainim, inspired by Sublist3r and using NimScan for its port scanning module, can be built from source or downloaded as a binary. While Domainim offers a broad overview, it's important to note certain limitations. Response limits exist for subdomain enumeration engines, and the port scanner's timeout settings may lead to false negatives. Brute-forcing is currently skipped if a wildcard subdomain is detected to prevent unnecessary enumeration. The tool's DNS resolution doesn't currently retrieve all IPs for a domain and lacks support for CNAME records. Despite these limitations, Domainim provides valuable reconnaissance capabilities for network analysis.