Sonar is a reconnaissance tool for enumerating subdomains. It was modeled after Knock and DNSRecon, though explicitly not written in Python, to avoid the limitations of threading and dependencies. Sonar is statically compiled, meaning it has no dependencies, and it even builds the default wordlist into the binary at compile time to ensure it is portable. It has native support for most modern operating systems and most modern architectures using Go’s extremely simple and fast standard cross-compilation toolchain.

Features
+ Zone Transfers
+ Wordlist based brute force
+ Multiple output formats (json, xml, nmap list)
+ Wildcard Detection and bypass
+ Threading
+ Static compilation
+ No external dependencies
+ Windows/Linux/Mac/FreeBSD on x86, x86_64, arm

Custom Wordlists:
Sonar is designed to be totally self-contained, so it compiles the wordlist into the executable rather than having to find it on disk. A default wordlist is provided as part of the source, and a utility, the wordlist_generator, is provided for generating your own from a newline-delimited wordlist. You can find the utility in cmd/wordlist_generator and use it to generate a new source file with the custom wordlist before compiling sonar.
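
The generate-then-compile step described above, as an added example that is not Sonar's own wordlist_generator: it reads a newline-delimited wordlist, drops blanks and duplicates, rejects entries that cannot be a single DNS label, and emits a Go source file. The package name `wordlist`, the variable `Words`, the file names in the usage comment and the single-label restriction are assumptions made for the example.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"go/format"
	"io"
	"os"
	"regexp"
	"strings"
)

// One DNS label: 1-63 chars of a-z, 0-9, '_' or '-', no leading or trailing '-'.
var labelRE = regexp.MustCompile(`^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$`)

// Generate turns a newline-delimited wordlist into gofmt-formatted Go source.
// pkg and ident are hypothetical names, not what Sonar's own generator emits.
func Generate(r io.Reader, pkg, ident string) ([]byte, int, error) {
	seen := make(map[string]bool)
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "package %s\n\nvar %s = []string{\n", pkg, ident)
	sc := bufio.NewScanner(r)
	for line := 1; sc.Scan(); line++ {
		w := strings.ToLower(strings.TrimSpace(sc.Text()))
		if w == "" || seen[w] { // skip blank lines and duplicates
			continue
		}
		if !labelRE.MatchString(w) { // reject anything that cannot be a label
			return nil, 0, fmt.Errorf("line %d: %q is not a valid DNS label", line, w)
		}
		seen[w] = true
		fmt.Fprintf(&buf, "%q,\n", w)
	}
	if err := sc.Err(); err != nil {
		return nil, 0, err
	}
	buf.WriteString("}\n")
	src, err := format.Source(buf.Bytes()) // also proves the output parses as Go
	return src, len(seen), err
}

func main() { // usage: go run gen.go < words.txt > wordlist.go
	src, _, err := Generate(os.Stdin, "wordlist", "Words")
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	os.Stdout.Write(src)
}
```

Failing the build on a malformed entry, instead of embedding it, keeps a bad line from turning into wasted queries in every binary compiled from that list.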

Usage:

Source: https://github.com/jrozner