# DomLink — Automating domain discovery

TLDR: Give DomLink a domain, it’ll go and find associated organization and e-mail registered then use this information to perform reverse WHOIS. Simple. You then get an output of lots of other associated domains registered by the company.

Author: Vincent Yiu (@vysecurity)

### DomLink <a href="#domlink" id="domlink"></a>

Not saying this is a new thing, but I needed a tool to do this without me having to manually do it over and over again for larger businesses. It’s useful for both Bug Bounty hunters who need to discover scope, penetration testers or even red teamers who need to map out the target’s digital attack surface.

DomLink roughly follows the following process. It takes the user-supplied domain name, looks for associated organization and e-mail records. It then takes the associated organization records and performs a Reverse WHOIS to discover additional domains which have associated e-mails attached to them. The tool prompts you with whether or not you want to add the discovered e-mail to your list of organization e-mails (most of the time requires human interaction to filter out junk). It then runs a further domain enumeration phase by taking the total list of associated e-mails and runs Reverse WHOIS on it again to get a final list of associated organizations, e-mails and domains.

![](/files/-LQ2ln5Tww03CYuuGVmL)

You might be thinking, why not run this in a recursive loop? Why even have manual prompting? I thought about this, and tried it, but without manual filtering, it ends up recursing out and obtains a whole load of junk domains not associated anymore. Therefore I stopped with a simple iteration and it works pretty good.

### Example <a href="#example" id="example"></a>

![](/files/-LQ2lpDLZ-Bajfg7aGCL)

### Download Link <a href="#downloadlink" id="downloadlink"></a>

* [DomLink - A tool to link a domain with registered organisation names and emails, to other domains.](https://github.com/vysec/domlink)

License: [MIT https://github.com/vysecurity/DomLink/blob/master/LICENSE.md](https://github.com/vysecurity/DomLink/blob/master/LICENSE.md)

### Usage <a href="#usage" id="usage"></a>

1. Get an API key from WHOXY.com
2. Set that API key in a file named domLink.cfg in the same directory.

   python domlink.py -d target.com -o target.out.txt


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.vincentyiu.com/red-team/reconaissance/domlink-automating-domain-discovery.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.