waymore

Search for URLs of a domain (output will typically be in ~/.config/waymore/results/)

$ waymore [[-i|--input]] [example.com]

$ waymore -mode U [[-oU|--output-urls]] [path/to/example.com-urls.txt] [[-i|--input]] [example.com]

$ waymore -mode R [[-oR|--output-responses]] [path/to/example.com-url-responses] [[-i|--input]] [example.com]

$ waymore -from [YYYYMMDD|YYYYMM|YYYY] [[-to|--to-date]] [YYYYMMDD|YYYYMM|YYYY] [[-i|--input]] [example.com]

python3 WayMore.py --url target_url [options]

-u, --url target_url
    Specifies the target URL or domain for which subdomains and IPs are to be enumerated. This is a mandatory argument for the tool to function.

-o, --output file_path
    Saves the discovered subdomains to the specified output file, one subdomain per line.

-s, --subs file_path
    Saves both the discovered subdomains and their resolved IP addresses to the specified output file.

-w, --waymore
    Instructs the tool to run only its native WayMore.py enumeration logic, without utilizing or integrating with the 'bbot' tool.

-b, --bbot
    Instructs the tool to run only the 'bbot' integration logic for reconnaissance, bypassing WayMore.py's specific WayBack Machine queries.

-c, --combine
    Enables a combined mode where results from both WayMore.py's internal methods and the 'bbot' integration are gathered and presented.

-p, --parallel num_threads
    Sets the number of parallel threads or concurrent workers to use for faster data fetching and processing.

-t, --timeout seconds
    Defines the maximum time in seconds to wait for a network request to complete before timing out.

--no-subs
    A flag to prevent the tool from enumerating or displaying subdomains. Useful if only IP resolution or other data is needed.

--no-ips
    A flag to prevent the tool from resolving IP addresses for the discovered subdomains.

--no-archive
    Disables querying the WayBack Machine. The tool will then rely on other integrated sources (e.g., bbot) if enabled.

The command 'waymore' is not a standard, pre-installed Linux utility. This analysis is based on WayMore.py, a popular Python-based open-source intelligence (OSINT) tool. Its primary function is to perform subdomain enumeration and IP address discovery by leveraging historical data from the WayBack Machine (archive.org).

WayMore.py helps security professionals, penetration testers, and bug bounty hunters to uncover both active and forgotten subdomains associated with a target domain, significantly expanding the attack surface for further reconnaissance. It can also resolve the corresponding IP addresses for these subdomains. The tool is designed to be efficient and also offers integration capabilities with other reconnaissance tools like bbot for a more comprehensive data collection strategy.

The term 'waymore' does not refer to a standard, universally available Linux command. This analysis specifically addresses WayMore.py, a third-party Python script. It requires Python 3 and its associated dependencies to be installed on the system. As an OSINT tool, its effectiveness relies on the availability and accuracy of external data sources like the WayBack Machine. Users should always ensure they have legal authorization before performing reconnaissance on any target domain.

Since WayMore.py is a Python script, it is not installed via typical package managers like `apt` or `dnf`. It's commonly acquired by cloning its GitHub repository and installing Python dependencies using `pip`.

Example Installation (from source):
git clone https://github.com/six2fan/WayMore.git
cd WayMore
pip3 install -r requirements.txt

Example Usage:
To find subdomains for 'example.com' and save them:
python3 WayMore.py --url example.com --output example_subs.txt

To find subdomains and their IPs for 'target.org' and display on screen:
python3 WayMore.py --url target.org --no-output

WayMore.py was developed as an open-source project by 'six2fan' and is primarily maintained and distributed through GitHub. Its creation aimed to fill a specific niche in the reconnaissance toolkit by efficiently leveraging the vast historical datasets of the WayBack Machine for subdomain discovery. While it doesn't possess the long history of core Linux utilities, its utility in the cybersecurity and penetration testing communities has made it a recognized tool for expanding attack surfaces during initial reconnaissance phases.

subfinder (OSINT tool), assetfinder (OSINT tool), bbot (OSINT tool), amass (OSINT tool), dig(1) (DNS lookup utility)