docs and programs added

Author: EvolvingSysadmin

README.md

@@ -1,2 +1,11 @@
 # Domain-Enumeration
-This repository contains Python tools for domain enumeration.
+This repository contains instructions on the use of Python tools for Domain Enumeration.
+
+## Topics
+- [Domain Enumeration Background](./docs/Domain-Enumeration-Background.md)
+- [Get Domain Registration Information](./docs/Get-Domain-Registration-Information.md)
+- [Get Subdomain Information](./docs/Get-Subdomain-Information.md)
+- [Get Port Information](./docs/Get-Port-Information.md)
+- [Get HTTP Links](./docs/Get-HTTP-Links.md)
+
+## Licensing

docs/Domain-Enumeration-Background.md

@@ -0,0 +1,16 @@
+# Domain Enumeration Background
+
+This page describes domain enumeration, the advantages of using Python for domain enumeration, and the use cases for Python domain enumeration.
+
+## Topics
+- 
+- [What is Domain Enumeration?](#what-is-domain-enumeration)
+- [Why use Python for Domain Enumeration?](#why-use-python-for-domain-enumeration)
+- [Who should use Python for Domain Enumeration](#who-should-use-python-for-doamain-enumeration)
+
+## What is Domain Enumeration?
+
+## Why use Python for Domain Enumeration?
+
+## Who should use Python for Doamain Enumeration?
+

docs/Get-Domain-Registration-Information.md

@@ -0,0 +1,143 @@
+# Get Domain Name Information
+
+This page describes how to obtain domain information by using the WHOIS Python library.
+
+## Topics
+
+- [Background](#background)
+- [Use Case](#use-case)
+- [Prerequisites](#prerequisites)
+- [Usage](#usage)
+  - [Validate Domain Name](#validate-domain-name)
+  - [Get Domain Registrar](#get-domain-registrar)
+  - [Get Domain Creation Date](#get-domain-creation-date)
+  - [Get Domain Expiration Date](#get-domain-expiration-date)
+  - [Get Domain Registration Email](#get-domain-registration-email)
+  - [Get Domain Registration Location](#get-domain-registration-location)
+  - [Get All Domain Registration Information](#get-all-domain-registration-information)
+- [Resources](#resources)
+
+## Background
+
+WHOIS is an Internet protocol for retrieving a record of domain name registration information. The [Python WHOIS package](https://pypi.org/project/python-whois/) uses Python to query and parse domain registration information. The registration information that can be obtained using the WHOIS Python library includes whether the domain is registered, the domain registrar, domain creation date, domain expiration date, and address of the domain owner.
+
+## Use Case
+
+The Python WHOIS package should be used when there is a need to obtain information about a domain name. The Python WHOIS package functions can be run individually to obtain specific domain name information or can be included within a larger Python program.
+
+## Prerequisites
+
+The Python WHOIS package must be installed to utilize the domain name lookup functions. The [latest version of Python 3](https://www.python.org/downloads/) is required to run the Python WHOIS package. The PIP3 Python package manager is required to install the Python WHOIS package. PIP3 is included with the latest version of Python 3.
+
+Use PIP3 to Install the Python WHOIS package by running the following in a terminal:
+```
+pip3 install python-whois
+```
+
+Use an import statement to install the Python WHOIS package at the beginning of the Python code:
+```
+import whois
+```
+
+## Usage
+
+Use the code below to complete each task using the WHOIS Python package. The information may not be filed with the domain registrar if a validated domain does not return the requested information.
+
+### Validate Domain Name
+
+Create the `check_registration` function using the Python WHOIS package to determine if a domain name is registered:
+```
+def check_registration(domain_name):
+    try:
+        w = whois.whois(domain_name)
+    except Exception:
+        return False
+    else:
+        return bool(w.domain_name)
+```
+
+Use the `check_registration` function to validate registration of a list of domains by using an if else statement:
+```
+domains = [
+    "amazon.com",
+    "github.com",
+    "notadomain.com",
+    "thisisntregistered.net"
+]
+
+for domain in domains:
+    print(domain, "is registered" if check_registration(domain) else "is not registered")
+```
+
+### Get Domain Registrar
+
+Use the `check_registration` function to return the domain name registrar:
+
+```
+domain_name = "github.com"
+if check_registration(domain_name):
+    whois_info = whois.whois(domain_name)
+    print("Domain registrar:", whois_info.registrar)
+```
+
+### Get Domain Creation Date
+
+Use the `check_registration` function to return the domain name creation date:
+```
+domain_name = "github.com"
+if check_registration(domain_name):
+    whois_info = whois.whois(domain_name)
+    print("Domain creation date:", whois_info.creation_date)
+```
+
+### Get Domain Expiration Date
+
+Use the `check_registration` function to return the domain name expiration date:
+
+```
+domain_name = "github.com"
+if check_registration(domain_name):
+    whois_info = whois.whois(domain_name)
+    print("Expiration date:", whois_info.expiration_date)
+```
+
+### Get Domain Registration Email
+
+Use the `check_registration` function to return the domain name registration email address:
+
+```
+domain_name = "github.com"
+if check_registration(domain_name):
+    whois_info = whois.whois(domain_name)
+print("email addresses:", whois_info.emails)
+```
+
+### Get Domain Registration Location
+
+Use the `check_registration` function to return the domain name registration location:
+
+```
+domain_name = "github.com"
+if check_registration(domain_name):
+    whois_info = whois.whois(domain_name)
+    print("address:", whois_info.address)
+    print("city:", whois_info.city)
+    print("state:", whois_info.state)
+    print("zip code:", whois_info.zipcode)
+    print("country:", whois_info.country)
+```
+
+### Get All Domain Registration Information
+
+Use the `check_registration` function to return all domain name registration information:
+
+```
+domain_name = "github.com"
+if check_registration(domain_name):
+    whois_info = whois.whois(domain_name)
+    print(whois_info)
+```
+
+## Resources
+- [Official Python Download](https://www.python.org/downloads/)
+- [Python WHOIS Package](https://pypi.org/project/python-whois/)

docs/Get-HTTP-Links.md

@@ -0,0 +1,37 @@
+# Get HTTP Links
+
+## Table of Contents
+- [Background](#background)
+- [Use Case](#use-case)
+- [Prerequisites](#prerequisites)
+- [Usage](#usage)
+- [Resources](#resources)
+
+## Background
+
+## Use Case
+
+## Prerequisites
+
+The Python HTTP scanner requires the [latest version of Python 3](https://www.python.org/downloads/). The Python HTTP scanner also needs the PIP3 Python package manager, which is included with the latest version of Python 3.
+
+Use PIP3 to install the Python packages required to use the HTTP scanner by running the following in a terminal:
+
+```
+pip3 install -r requirements.txt
+```
+
+## Usage
+
+The [http-scanner.py](/programs/http-scanner/http-scanner.py) program runs with positional arguments. The last argument is the target domain being scanned. The -m argument specifies the maximum number of links to scan. The default number of links crawled is 30 if no -m argument is specified. For example, all internal and external links will be enumerated for the first 10 internal pages crawled if the -m argument is set to 10:
+
+```
+python http-scanner.py -m 10 https://hackthissite.org
+```
+
+The HTTP scanner outputs a .txt file with internal links of the target domain pages and another .txt file with external links from the target domain pages. For instance, for the scan `python http-scanner.py -m 10 https://hackthissite.org` will enumerate internal links in the file www.hackthissite.org_internal_links.txtand will enumerate external links to the file www.hackthissite.org_external_links.txt.
+
+## Resources
+- [Official Python Download](https://www.python.org/downloads/)
+- [http-scanner.py](/programs/http-scanner/http-scanner.py)
+- [http-scanner.py requirements file](/programs/http-scanner/requirements.txt)

docs/Get-Port-Information.md

@@ -0,0 +1,50 @@
+# Get Port Information
+
+## Topics
+
+- [Background](#background)
+- [Use Case](#use-case)
+- [Prerequisites](#prerequisites)
+- [Usage](#usage)
+- [Resources](#resources)
+
+## Background
+
+## Use Case
+
+## Prerequisites
+
+- Install the latest version of Python 3
+- Use PIP to install Scapy: `pip install --pre scapy[basic]`
+- Install any platform specific dependencies https://scapy.readthedocs.io/en/latest/installation.html#platform-specific-instructions
+- Run scapy with root permissions, for instance in an administrative cokmmand prompt
+
+## Usage
+
+Start Scapy:
+```C:\>scapy```
+
+Run SYN Scans
+```
+sr1(IP(dst="72.14.207.99")/TCP(dport=80,flags="S"))
+```
+
+The above will send a single SYN packet to Google’s port 80 and will quit after receiving a single response:
+
+Use either notations to scan ports 400 through 443 on the system:
+```
+sr(IP(dst="192.168.1.1")/TCP(sport=666,dport=(440,443),flags="S"))
+```
+
+```
+sr(IP(dst="192.168.1.1")/TCP(sport=RandShort(),dport=[440,441,442,443],flags="S"))
+```
+
+https://resources.infosecinstitute.com/topic/port-scanning-using-scapy/
+
+https://gist.github.com/mic159/c7133509af81dad409b79b8c4838f4bd 
+
+## Resources
+-[Scapy Documentation](https://scapy.readthedocs.io/en/latest/)
+-[Scapy GitHub Repository](https://github.com/secdev/scapy)
+- [Scapy Project Page](https://github.com/secdev/scapy)

docs/Get-Subdomain-Information.md

@@ -0,0 +1,59 @@
+# Get Subdomain Information
+
+This page describes how to enumerate subdomains of a given domain by using the [subdomain-scanner.py](/programs/subdomain-scanner/subdomain-scanner.py) Python program.
+
+## Topics
+
+- [Background](#background)
+- [Use Case](#use-case)
+- [Prerequisites](#prerequisites)
+- [Usage](#usage)
+- [Resources](#resources)
+
+## Background
+
+The Domain Name System heirarchy structure allows a domain name to be broken down into parts known as subdomains. Subdomains are defined by editing the DNS zone file for the domain name. Enumerating subdomains for a given domain can denote the domain structure. [subdomain-scanner.py](/programs/subdomain-scanner/subdomain-scanner.py) uses a list of potential subdomain names and the Python requests library to enumerate the subdomains of a given domain name.
+
+## Use Case
+
+Use this tool to determine the subdomains for a given domain. Enumerating subdomains can be particularly useful for testing the security of a domain. Internet facing services are often hosted on subdomains; for instance `vpn.domain-name.com`. Enunerating subdomains can be an initial step for testing the security of those services. Only run the domain enumeration tool against domains that have given express permission to do so. Running the domain enumeration tool against websites without permission while likely break the terms of service of that domain.
+
+## Prerequisites
+
+The Python requests package must be installed to utilize the subdomain enumeration functionality. The [latest version of Python 3](https://www.python.org/downloads/) is required to run the Python requests package. The PIP3 Python package manager is required to install the Python requests package. PIP3 is included with the latest version of Python 3.
+
+Use PIP3 to Install the Python requests package by running the following in a terminal:
+
+```
+pip3 install requests
+```
+
+A list of subdomain names to test must be created in a .txt file, such as [subdomain-list.txt](/programs/subdomain-scanner/subdomain-list.txt). The program will return names from the list that are valid subdomain names of the given domain.
+
+## Usage
+
+The [subdomain-scanner.py](/programs/subdomain-scanner/subdomain-scanner.py) program runs with positional arguments. The last argument is the domain being scanned. The `-l` argument specifies the word list text file. The `-t` argument specifies the number of threads that the program should dedicate to scanning the domain:
+
+```
+python subdomain-scanner.py -l subdomain-list.txt -t 10 hackthissite.org
+```
+
+The `-h` argument can also be used to display the help message:
+
+```
+python subdomain-scanner.py -h
+```
+
+The program will ouput the subdomain that it discovers, such as:
+
+```
+[+] Discovered subdomain: http://mail.hackthissite.org
+```
+
+## Resources
+- [Official Python Download](https://www.python.org/downloads/)
+- [Python Requests Package](https://pypi.org/project/requests/)
+- [subdomain-scanner.py](/programs/subdomain-scanner/subdomain-scanner.py)
+- [subdomain-list.txt](/programs/subdomain-scanner/subdomain-list.txtsubdomain-list.txt)
+- [subdomain-list-medium.txt](/programs/subdomain-scanner/subdomain-list-medium.txt)
+- [subdomain-list-large.txt](/programs/subdomain-scanner/subdomain-list-large.txt)