
Comprehensive Guide to Ladon


miracle123456
Ladon is an open-source tool designed for information gathering and security auditing. It is particularly useful for subdomain enumeration, DNS discovery, and OSINT (Open Source Intelligence) gathering. The tool is primarily used for discovering hidden subdomains of a given target domain, which is a critical part of the reconnaissance phase in penetration testing and vulnerability assessments.

This detailed guide will provide you with all the information needed to install, configure, and use Ladon, including its features, advanced options, and practical examples.


Table of Contents

  1. What is Ladon?
  2. System Requirements
  3. Installation
    • Installation on Linux (Ubuntu/Debian)
    • Installation on macOS
    • Installation on Windows
  4. Basic Usage
  5. Advanced Usage
    • Using with API Keys
    • Custom Wordlist Integration
    • Customizing Data Sources
  6. Integration with Other Tools
  7. Automating with Ladon
  8. Troubleshooting
  9. Conclusion

1. What is Ladon?

Ladon is a subdomain discovery tool designed for security professionals, penetration testers, and OSINT researchers. It offers various methods for gathering subdomains, including DNS enumeration, using search engine APIs, scraping services, and querying third-party databases. The primary goal of Ladon is to make the subdomain discovery process fast and efficient by using multiple data sources passively.

Key Features of Ladon:

  • Passive Subdomain Enumeration: Uses data sources such as Google, VirusTotal, and Shodan to gather subdomains without interacting directly with the target.
  • Customizable: Supports the use of custom wordlists and APIs to improve subdomain discovery accuracy.
  • Multi-threaded: Implements threading to speed up the enumeration process.
  • Output Flexibility: Allows exporting results to formats such as JSON, CSV, or plain text.

2. System Requirements

Before installing Ladon, ensure your system meets the following requirements:

  • Operating System: Linux (Ubuntu/Debian), macOS, or Windows (via WSL)
  • Programming Language: Python 3.x
  • Memory: At least 1 GB of RAM
  • Disk Space: 100 MB free space for the tool and its dependencies

3. Installation

3.1 Installation on Linux (Ubuntu/Debian)

  1. Install Python 3 and pip: First, update your package manager and install Python 3 and pip, which are necessary to run Ladon:
    sudo apt update
    sudo apt install python3 python3-pip
  2. Clone Ladon Repository: Use git to clone the Ladon repository:
    git clone https://github.com/guelfoweb/ladon.git
    cd ladon
  3. Install Dependencies: Install the required Python dependencies using pip:
    pip3 install -r requirements.txt
  4. Verify Installation: After installation, you can verify Ladon’s installation by running:
    python3 ladon.py -h

3.2 Installation on macOS

  1. Install Python 3 and pip (if not already installed): If you don’t have Python 3 and pip installed, you can install them via Homebrew:
    brew install python3
  2. Clone Ladon Repository: Use the following command to clone the repository:
    git clone https://github.com/guelfoweb/ladon.git
    cd ladon
  3. Install Dependencies: Install the required libraries with pip:
    pip3 install -r requirements.txt
  4. Verify Installation: You can verify Ladon by running:
    python3 ladon.py -h

3.3 Installation on Windows (via WSL)

  1. Install WSL: Follow the official installation guide for WSL to set up Ubuntu or another Linux distribution on Windows.
  2. Install Python 3 and pip: Inside your WSL terminal, install Python 3 and pip as you would on a Linux system:
    sudo apt update
    sudo apt install python3 python3-pip
  3. Clone Ladon Repository: Clone the repository from GitHub:
    git clone https://github.com/guelfoweb/ladon.git
    cd ladon
  4. Install Dependencies: Install the necessary libraries:
    pip3 install -r requirements.txt
  5. Verify Installation: To confirm that Ladon was installed correctly, use the following command:
    python3 ladon.py -h

4. Basic Usage

Once Ladon is installed, you can begin using it to discover subdomains for your target domain.

Basic Command Syntax

To run Ladon on a target domain (e.g., example.com), use:

    python3 ladon.py -d example.com

This will search for subdomains of example.com using the default data sources.

Additional Basic Options

  • -d: Specifies the target domain.
  • -o: Specifies the output format (e.g., json, csv, txt).
  • -s: Specifies the sources to use for enumeration (e.g., virustotal, shodan).

Example using multiple sources:

    python3 ladon.py -d example.com -s virustotal,shodan -o json

This will use both the VirusTotal and Shodan data sources for subdomain discovery and save the results in JSON format.


5. Advanced Usage

5.1 Using API Keys

Ladon integrates with various APIs (e.g., VirusTotal, Shodan, Censys) for better subdomain discovery. To take advantage of these APIs, you need to configure them in the config.yaml file.

  1. Open the config.yaml file in the Ladon directory.
  2. Add your API keys:
    virustotal:
      api_key: "YOUR_VIRUSTOTAL_API_KEY"
    shodan:
      api_key: "YOUR_SHODAN_API_KEY"
    censys:
      id: "YOUR_CENSYS_API_ID"
      secret: "YOUR_CENSYS_API_SECRET"

5.2 Custom Wordlist Integration

You can customize the wordlist for brute-force subdomain enumeration by specifying your wordlist with the -w flag:

    python3 ladon.py -d example.com -w /path/to/your/wordlist.txt

This will use your custom wordlist for subdomain discovery.

5.3 Customizing Data Sources

You can configure Ladon to use only specific data sources. Use the -s option to choose from available data sources, such as:

  • shodan
  • virustotal
  • censys
  • dnsdumpster

Example of using Shodan and VirusTotal:

    python3 ladon.py -d example.com -s shodan,virustotal

This command limits the sources to Shodan and VirusTotal only.


6. Integration with Other Tools

Ladon can be integrated with other tools to enhance your subdomain enumeration workflow. For example, you can combine it with httpx for live host checking, nmap for service discovery, or dnsx for DNS probing.

Example using httpx to check active subdomains:

    python3 ladon.py -d example.com | httpx -silent

This will discover subdomains with Ladon and pipe the results directly into httpx to check which subdomains are live.
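
Passive sources often return names that fall outside the authorized scope, so the list should be validated before any tool that actively probes hosts sees it. The following is an added example, not part of the original guide or of Ladon itself; it assumes the tool prints one hostname per line, and SAMPLE, normalize, in_scope and filter_hosts are hypothetical names.

```python
import re
import sys

# Constructed sample of tool output, one name per line (not real results).
SAMPLE = ["www.example.com", "WWW.Example.com.", "*.dev.example.com",
          "api.evilexample.com", "example.com.attacker.test", "not a host", ""]

# RFC 1123 label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(line):
    """Return a lowercase hostname from one output line, or None if invalid."""
    host = line.strip().lower().rstrip(".")
    if host.startswith("*."):      # a wildcard entry names its parent zone
        host = host[2:]
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host

def in_scope(host, scope_domains):
    """Match on a label boundary so evilexample.com never passes for example.com."""
    return any(host == d or host.endswith("." + d) for d in scope_domains)

def filter_hosts(lines, scope_domains):
    """Validate, de-duplicate and scope-check names; an empty scope keeps nothing."""
    scope = [d.lower().rstrip(".") for d in scope_domains]
    seen, kept, dropped = set(), [], []
    for line in lines:
        host = normalize(line)
        if host is None:
            if line.strip():
                dropped.append(line.strip())
            continue
        if host in seen:
            continue
        seen.add(host)
        (kept if in_scope(host, scope) else dropped).append(host)
    return kept, dropped

if __name__ == "__main__":
    # With scope arguments, read names from stdin; otherwise use the sample.
    lines = sys.stdin if sys.argv[1:] else SAMPLE
    kept, dropped = filter_hosts(lines, sys.argv[1:] or ["example.com"])
    print("\n".join(kept))
    for item in dropped:
        print(f"dropped: {item}", file=sys.stderr)
```

Placed between the enumeration step and httpx in the pipeline, only the kept names reach the probing tool, and the dropped ones go to stderr for review.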


7. Automating with Ladon

For large-scale or repeated scans, you can automate Ladon using shell scripts or Python scripts.

Example Bash Script for Batch Enumeration

Create a file subdomain_scan.sh:

    #!/bin/bash
    # Read one domain per line from domains.txt and run Ladon against each.
    while IFS= read -r domain; do
        [ -z "$domain" ] && continue   # skip blank lines
        echo "Running subdomain scan for $domain"
        python3 ladon.py -d "$domain" -o "$domain.txt"
    done < domains.txt

This script reads a list of domains from domains.txt, runs Ladon for each domain, and saves the results in separate files for each domain.


8. Troubleshooting

Common Issues and Fixes

  1. Missing API Key Errors: Ensure you have added valid API keys in the config.yaml file for services like VirusTotal, Shodan, etc.
  2. No Results Found: If Ladon isn’t finding any subdomains, ensure you are using valid sources. You can add more sources or use a larger wordlist for brute-force scanning.
  3. Installation Issues: Ensure that Python and pip are correctly installed. Run pip3 install -r requirements.txt to ensure all dependencies are installed.

9. Conclusion

Ladon is a powerful and flexible tool for passive subdomain enumeration. By leveraging various data sources and APIs, it can quickly identify subdomains associated with a target domain. Whether you're a penetration tester, security researcher, or OSINT enthusiast, Ladon offers an effective way to gather domain-related information without active scanning.

By following the steps outlined in this guide, you should now have a functional installation of Ladon and be ready to use it for subdomain discovery and OSINT tasks. With further integration, automation, and customization, Ladon can fit into any larger reconnaissance or security assessment workflow.
 
