Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Overview

subfinder

Fast passive subdomain enumeration tool.

FeaturesInstallUsageAPI SetupLicenseJoin Discord


Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.

We have designed subfinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

Features

subfinder

  • Fast and powerful resolution and wildcard elimination module
  • Curated passive sources to maximize results
  • Multiple Output formats supported (Json, File, Stdout)
  • Optimized for speed, very fast and lightweight on resources
  • STDIN/OUT support for integrating in workflows

Usage

subfinder -h

This will display help for the tool. Here are all the switches it supports.

Flag Description Example
-all Use all sources (slow) for enumeration subfinder -d uber.com -all
-config Configuration file for API Keys, etc subfinder -config config.yaml
-d Domain to find subdomains for subfinder -d uber.com
-dL File containing list of domains to enumerate subfinder -dL hackerone-hosts.txt
-exclude-sources List of sources to exclude from enumeration subfinder -exclude-sources archiveis
-max-time Minutes to wait for enumeration results (default 10) subfinder -max-time 1
-nC Don't Use colors in output subfinder -nC
-nW Remove Wildcard & Dead Subdomains from output subfinder -nW
-ls List all available sources subfinder -ls
-o File to write output to (optional) subfinder -o output.txt
-oD Directory to write enumeration results to (optional) subfinder -oD ~/outputs
-oI Write output in Host,IP format subfinder -oI
-oJ Write output in JSON lines Format subfinder -oJ
-r Comma-separated list of resolvers to use subfinder -r 1.1.1.1,1.0.0.1
-rL Text file containing list of resolvers to use subfinder -rL resolvers.txt
-recursive Enumeration recursive subdomains subfinder -d news.yahoo.com -recursive
-silent Show only subdomains in output subfinder -silent
-sources Comma separated list of sources to use subfinder -sources shodan,censys
-t Number of concurrent goroutines for resolving (default 10) subfinder -t 100
-timeout Seconds to wait before timing out (default 30) subfinder -timeout 30
-v Show Verbose output subfinder -v
-version Show current program version subfinder -version

Installation

Subfinder requires go1.14+ to install successfully. Run the following command to get the repo -

▶ GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder

Post Installation Instructions

Subfinder will work after using the installation instructions however to configure Subfinder to work with certain services, you will need to have setup API keys. The following services do not work without an API key:

Theses values are stored in the $HOME/.config/subfinder/config.yaml file which will be created when you run the tool for the first time. The configuration file uses the YAML format. Multiple API keys can be specified for each of these services from which one of them will be used for enumeration.

For sources that require multiple keys, namely Censys, Passivetotal, they can be added by separating them via a colon (:).

An example config file -

resolvers:
  - 1.1.1.1
  - 1.0.0.1
sources:
  - binaryedge
  - bufferover
  - censys
  - passivetotal
  - sitedossier
binaryedge:
  - 0bf8919b-aab9-42e4-9574-d3b639324597
  - ac244e2f-b635-4581-878a-33f4e79a2c13
censys:
  - ac244e2f-b635-4581-878a-33f4e79a2c13:dd510d6e-1b6e-4655-83f6-f347b363def9
certspotter: []
passivetotal:
  - [email protected]:sample_password
securitytrails: []
shodan:
  - AAAAClP1bJJSRMEYJazgwhJKrggRwKA
github:
  - d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
  - asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39

Running Subfinder

To run the tool on a target, just use the following command.

▶ subfinder -d example.com

The verbose flag v can be used to display verbose information.

[bufferover] lutin.dima.example.com
[bufferover] izosimdima.example.com
[bufferover] glazkovdima.example.com
[bufferover] dengshima.example.com
[bufferover] wwwkima.example.com
[bufferover] proxima.example.com
[bufferover] mma.example.com
[bufferover] damidoma.example.com
[bufferover] nomerdoma.example.com
[bufferover] soti.croma.example.com

The -o command can be used to specify an output file.

▶ subfinder -d example.com -o output.txt

To run the tool on a list of domains, -dL option can be used. This requires a directory to write the output files. Subdomains for each domain from the list are written in a text file in the directory specified by the -oD flag with their name being the domain name.

▶ cat domains.txt
hackerone.com
google.com

▶ subfinder -dL domains.txt -oD ~/path/to/output
▶ ls ~/path/to/output

hackerone.com.txt
google.com.txt

You can also get output in json format using -oJ switch. This switch saves the output in the JSON lines format.

If you use the JSON format, or the Host:IP format, then it becomes mandatory for you to use the -nW format as resolving is essential for these output format. By default, resolving the found subdomains is disabled.

▶ subfinder -d hackerone.com -o output.json -oJ -nW
▶ cat output.json

{"host":"www.hackerone.com","ip":"104.16.99.52"}
{"host":"mta-sts.hackerone.com","ip":"185.199.108.153"}
{"host":"hackerone.com","ip":"104.16.100.52"}
{"host":"mta-sts.managed.hackerone.com","ip":"185.199.110.153"}

The subdomains discovered can be piped to other tools too. For example, you can pipe the subdomains discovered by subfinder to httpx httpx which will then find running http servers on the host.

echo hackerone.com | subfinder -silent | httpx -silent

http://hackerone.com
http://www.hackerone.com
http://docs.hackerone.com
http://api.hackerone.com
https://docs.hackerone.com
http://mta-sts.managed.hackerone.com

Subfinder with docker

You can use the official dockerhub image at subfinder. Simply run -

▶ docker pull projectdiscovery/subfinder

The above command will pull the latest tagged release from the dockerhub repository.

If you want to build the container yourself manually, git clone the repo, then build and run the following commands

  • Clone the repo using git clone https://github.com/projectdiscovery/subfinder.git
  • Build your docker container
docker build -t projectdiscovery/subfinder .

If you are using docker, you need to first create your directory structure holding subfinder configuration file. After modifying the default config.yaml file, you can run:

▶ mkdir -p $HOME/.config/subfinder
▶ cp config.yaml $HOME/.config/subfinder/config.yaml
▶ nano $HOME/.config/subfinder/config.yaml

After that, you can pass it as a volume using the following sample command.

▶ docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it projectdiscovery/subfinder -d example.com

For example, this runs the tool against example.com and output the results to your host file system:

docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it projectdiscovery/subfinder -d example.com > example.com.txt

Resources

License

subfinder is made with 🖤 by the projectdiscovery team. Community contributions have made the project what it is. See the Thanks.md file for more details.

Read the disclaimer for usage at DISCLAIMER.md and contact us for any API removal.

Issues
  • Docker configuration persistence errors

    Docker configuration persistence errors

    What's the problem (or question)?

    Config file error while running the binary even config file placed under $GOPATH/bin

    Do you have an idea for a solution?

    Not sure!

    How can we reproduce the issue?

    1. Run the subfinder from anywhere in root path

    What are the running context details?

    • Installation method (go get):
    • Client OS (Ubuntu)
    [email protected]:~# ls $GOPATH/bin | grep config
    config.json
    [email protected]:~# subfinder 
    
                 __     ___ __          __            
    .-----.--.--|  |--.'  _|__.-----.--|  .-----.----.
    |__ --|  |  |  _  |   _|  |     |  _  |  -__|   _|
    |_____|_____|_____|__| |__|__|__|_____|_____|__|  
    
    SubFinder v0.1.0          Made with ❤ by @Ice3man
    ==================================================open ./config.json: no such file or directory
    [email protected]:~# 
    
    Type: Bug 
    opened by ehsandeep 23
  • Could not run enumeration (too many open files error)

    Could not run enumeration (too many open files error)

    What's the problem (or question)?

    While performing an automatic scan, the following problem occurred:

    [FTL] Could not run enumeration: open /11/miningpools.cloud.txt: too many open files After this message Subfinder stopped working.

    How can we reproduce the issue?

    1. Start Subfinder with the following command, cat '/URLsToScan.txt' | 'go/bin/subfinder' -config '/Config/subfinder/config.yaml' -t 100 -timeout 1 -silent -oD /11/ | tee /URLsToScanDONEsubfinder.txt After 1034 URLS the error occurred. I don't know if it is a problem in Subfinder or again a problem with my internet connection.

    What are the running context details?

    • Installation method (e.g. pip, apt-get, git clone or zip/tar.gz): GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/cmd/subfinder
    • Client OS : Linux
    • Program version (see banner): 2.3.4
    • Exception traceback (if any): [FTL] Could not run enumeration: open /11/miningpools.cloud.txt: too many open files
    Priority: Medium Type: Bug 
    opened by ZeroDot1 19
  • panic while running job: runtime error: invalid memory address or nil pointer dereference

    panic while running job: runtime error: invalid memory address or nil pointer dereference

    The application crashes with some domains, maybe invalid responses are not handled properly somewhere in code...

    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
            panic: interface conversion: interface {} is runtime.errorString, not string
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x6b9d9b]
    
    goroutine 36 [running]:
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc420074af0)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:61 +0x163
    panic(0x717da0, 0x93b9f0)
            /usr/local/go/src/runtime/panic.go:502 +0x229
    github.com/subfinder/subfinder/libsubfinder/sources/ipv4info.Query(0xc4200e6a60, 0x2, 0x2, 0x68c801, 0x101)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/sources/ipv4info/ipv4info.go:99 +0x8fb
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker(0xc420096b40, 0xc420074af0)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).worker(0xc420096b40, 0x11)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).Run
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:181 +0x7f
    
    Type: Bug 
    opened by TvMpt 19
  • Passive Engine Re-write for Paralellism

    Passive Engine Re-write for Paralellism

    • Passive engine rewrite: Ok
    • General code refactor: Ok
    • some missing code: Fixed (Need to be tested)

    @codingo @Ice3man543

    Changelog

    • Introduced general pool backbone (applied to passive and resolver engines)
    • Passive engine now works in parallel
    Type: Enhancement 
    opened by Mzack9999 17
  • [Issue] mkdir permission denied

    [Issue] mkdir permission denied

    Describe the bug [FTL] Could not get user home: mkdir /home/ubuntu/.config/subfinder: permission denied

    Subfinder version Include the version of subfinder you are using, subfinder -version I am guessing its the latest version as of the day of posting, i used "go get -u -v github.com/projectdiscovery/subfinder/cmd/subfinder"

    Complete command you used to reproduce this subfinder -h

    Screenshots Add screenshots of the error for a better context. See above

    Type: Question 
    opened by gbiagomba 16
  • panic while running job

    panic while running job

    The error just happened when I checked the URL., I hope the log and the Subfinder version I used can help to solve the problem. subfinder.zip

    $ '/home/user/AppImages/subfinder' -v -r 1.1.1.1,8.8.8.8 -d hashpower.co
    ===============================================
    -=Subfinder v1.1 github.com/subfinder/subfinder
    ===============================================
    
    
    Running Source: Ask
    Running Source: Archive.is
    Running Source: Baidu
    Running Source: Bing
    Running Source: Censys
    Running Source: CertDB
    Running Source: CertificateTransparency
    Running Source: Certspotter
    Running Source: Crt.sh
    Running Source: Dnsdb
    Running Source: DNSDumpster
    Running Source: Dogpile
    Running Source: Exalead
    Running Source: Findsubdomains
    Running Source: Googleter
    Running Source: Hackertarget
    Running Source: Ipv4Info
    Running Source: Netcraft
    Running Source: PassiveTotal
    Running Source: PTRArchive
    Running Source: Riddler
    Running Source: Securitytrails
    Running Source: SSLCertificates
    Running Source: Shodan
    Running Source: Sitedossier
    Running Source: Threatcrowd
    Running Source: ThreatMiner
    Running Source: Virustotal
    Running Source: WaybackArchive
    Running Source: Yahoo
    
    Found Wildcard DNS at hashpower.co
     - 185.53.178.6
    Running enumeration on hashpower.co
    
    archiveis: Get http://archive.is/*.hashpower.co: dial tcp: lookup archive.is: Temporary failure in name resolution
    
    [DNSDB] www.hashpower.co
    riddler: failed to get authentication token
    
    [SECURITYTRAILS] www.hashpower.co
    [WAYBACKARCHIVE] hashpower.co
    [HACKERTARGET] hashpower.co2018/07/02 19:20:16 panic while running job: runtime error: invalid memory address or nil pointer dereference
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: interface conversion: interface {} is runtime.errorString, not string
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x6bdc30]
    
    goroutine 39 [running]:
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc4202c4190)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:61 +0x163
    panic(0x7148a0, 0x92a970)
    	/usr/lib/go/src/runtime/panic.go:502 +0x229
    github.com/subfinder/subfinder/libsubfinder/sources/sslcertificates.Query(0xc4201c01a0, 0x2, 0x2, 0x6a6601, 0x940101)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/sources/sslcertificates/sslcertificates.go:35 +0xf0
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker(0xc4201ee000, 0xc4202c4190)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).worker(0xc4201ee000, 0x3)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).Run
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:181 +0x7f
    [[email protected] ~]$ 
    
    
    opened by ZeroDot1 16
  • urlscan.io ?

    urlscan.io ?

    Is it possible to use urlscan.io to search for subdomains and include it in Subfinder? https://urlscan.io/about-api/ https://urlscan.io/

    https://github.com/heywoodlh/urlscan-py/blob/master/bin/urlscan

    Type: Enhancement 
    opened by ZeroDot1 15
  • panic while running job: runtime error: invalid memory address or nil pointer dereference

    panic while running job: runtime error: invalid memory address or nil pointer dereference

    2018/06/22 09:58:53 panic while running job: runtime error: invalid memory address or nil pointer dereference
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: interface conversion: interface {} is runtime.errorString, not string
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x12bb293]
    
    goroutine 93 [running]:
    github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc4200888c0)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/helper/pool.go:61 +0x163
    panic(0x1313a00, 0x152d8e0)
    	/usr/local/Cellar/go/1.10.1/libexec/src/runtime/panic.go:502 +0x229
    github.com/Ice3man543/subfinder/libsubfinder/sources/riddler.Query(0xc4200ee900, 0x2, 0x2, 0x12a8701, 0x101)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/sources/riddler/riddler.go:57 +0x273
    github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).subworker(0xc420092aa0, 0xc4200888c0)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).worker(0xc420092aa0, 0x1a)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).Run
    
    

    when I run this program, the program stopped by above error. I didn't debug your program. so I'm not sure what the real problem is. by the way, I live in China, I guess this situation may be caused by internet firewall.

    opened by imnewbe 12
  • [Issue] Docker build not working anymore (undefined: gologger.Warningf)

    [Issue] Docker build not working anymore (undefined: gologger.Warningf)

    $ docker build -t subfinder https://github.com/subfinder/subfinder.git
    Sending build context to Docker daemon  2.493MB
    Step 1/8 : FROM golang:1.13.4-alpine3.10 AS build-env
     ---> 3024b4e742b0
    Step 2/8 : MAINTAINER Ice3man ([email protected])
     ---> Using cache
     ---> 1fe09315eae2
    Step 3/8 : RUN apk add --no-cache --upgrade git openssh-client ca-certificates
     ---> Using cache
     ---> 0deb55f0c8f8
    Step 4/8 : RUN go get -u github.com/golang/dep/cmd/dep
     ---> Using cache
     ---> d8a9be51b68d
    Step 5/8 : RUN go get -u github.com/projectdiscovery/subfinder/v2/cmd/subfinder
     ---> Running in ddc9d50a02d2
    # github.com/projectdiscovery/subfinder/v2/pkg/subscraping
    src/github.com/projectdiscovery/subfinder/v2/pkg/subscraping/agent.go:93:4: undefined: gologger.Warningf
    The command '/bin/sh -c go get -u github.com/projectdiscovery/subfinder/v2/cmd/subfinder' returned a non-zero code: 2
    

    Any idea why ?

    Thanks,

    Type: Question 
    opened by phackt 10
  • Error while running

    Error while running

    Subfinder was working pretty fine about 3 days ago now I am getting this error

    Note: I have tried it on 3 different instances and I am having this error on every single on of them. Also removed and reinstall via go get and docker but same error.

    $ uname -a Linux username 5.2.0-kali3-cloud-amd64 #1 SMP Debian 5.2.17-1kali1 (2019-09-27) x86_64 GNU/Linux

    $ go version go version go1.12.10 linux/amd64

    go env Output
    $ go env
    GOARCH="amd64"
    GOBIN=""
    GOCACHE="/root/.cache/go-build"
    GOEXE=""
    GOFLAGS=""
    GOHOSTARCH="amd64"
    GOHOSTOS="linux"
    GOOS="linux"
    GOPATH="/root/go"
    GOPROXY=""
    GORACE=""
    GOROOT="/usr/lib/go-1.12"
    GOTMPDIR=""
    GOTOOLDIR="/usr/lib/go-1.12/pkg/tool/linux_amd64"
    GCCGO="gccgo"
    CC="gcc"
    CXX="g++"
    CGO_ENABLED="1"
    GOMOD=""
    CGO_CFLAGS="-g -O2"
    CGO_CPPFLAGS=""
    CGO_CXXFLAGS="-g -O2"
    CGO_FFLAGS="-g -O2"
    CGO_LDFLAGS="-g -O2"
    PKG_CONFIG="pkg-config"
    GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build477441473=/tmp/go-build -gno-record-gcc-switches"
    
    Running enumeration on testing.com
    
    dnsdb: Unexpected return status 404
    2019/10/16 07:08:08 panic while running job: runtime error: index out of range
    panic: runtime error: index out of range [recovered]
            panic: interface conversion: interface {} is runtime.errorString, not string
    
    goroutine 91 [running]:
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc000110410)
            /root/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:61 +0x1c9
    panic(0x75e8a0, 0xa96a00)
            /usr/lib/go-1.12/src/runtime/panic.go:522 +0x1b5
    github.com/subfinder/subfinder/libsubfinder/sources/dnsdumpster.Query(0xc000114460, 0x2, 0x2, 0x6c7101, 0xaa0101)
            /root/go/src/github.com/subfinder/subfinder/libsubfinder/sources/dnsdumpster/dnsdumpster.go:61 +0x14a6
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker(0xc000080e60, 0xc000110410)
            /root/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).worker(0xc000080e60, 0x18)
            /root/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).Run
            /root/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:181 +0x7d
    

    Thanks if you could help me out.

    opened by R34LUS3R 9
  • Issue 378 goflag support

    Issue 378 goflag support

    null

    status:in-review 🔨 Type: Enhancement 
    opened by LuitelSamikshya 0
  • New Data Source: FullHunt.io

    New Data Source: FullHunt.io

    Please describe your feature request:

    FullHunt released a public API to identify the attack surfaces of organizations for free. It will be great if a module is added into subfinder to use FullHunt.io.

    Use-Case: Identifying new external assets using the FullHunt API, for free.

    Release Blog Post: https://fullhunt.io/blog/2021/11/10/fullhunt-public-api-release.html

    API Documentation: https://api-docs.fullhunt.io

    Priority: Medium Type: Enhancement 
    opened by mazen160 0
  • Re-add C99 source

    Re-add C99 source

    Pull request to re-add C99 source, as it did not make it into the master branch

    opened by taythebot 0
  • [+] add quake api for subfinder

    [+] add quake api for subfinder

    Quake is a awesome cyberspace mapping engine, and you can use it to discover more subdomains. Like:

    ❯ ./subfinder -d skyscanner.net -sources quake
    
                   __    _____           __         
       _______  __/ /_  / __(_)___  ____/ /__  _____
      / ___/ / / / __ \/ /_/ / __ \/ __  / _ \/ ___/
     (__  ) /_/ / /_/ / __/ / / / / /_/ /  __/ /    
    /____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/ v2.4.8
    
                    projectdiscovery.io
    
    Use with caution. You are responsible for your actions
    Developers assume no liability and are not responsible for any misuse or damage.
    By using subfinder, you also agree to the terms of the APIs used.
    
    [INF] Enumerating subdomains for skyscanner.net
    analytics.skyscanner.net
    ww2.business.skyscanner.net
    carhirehelp.skyscanner.net
    business.skyscanner.net
    api.skyscanner.net
    slipstream.skyscanner.net
    ablink.sender.skyscanner.net
    translate.skyscanner.net
    hotelshelp.skyscanner.net
    support.business.skyscanner.net
    help.skyscanner.net
    gateway.skyscanner.net
    talent.skyscanner.net
    cn.skyscanner.net
    www.partners.skyscanner.net
    forum.skyscanner.net
    clicks.skyscanner.net
    se.skyscanner.net
    news.skyscanner.net
    futuretech.skyscanner.net
    partners.skyscanner.net
    m.skyscanner.net
    travelpro.skyscanner.net
    yj.partners.api.skyscanner.net
    azuremfa.skyscanner.net
    widgets.skyscanner.net
    www.skyscanner.net
    redirect.skyscanner.net
    partners.api.skyscanner.net
    www.futuretech.skyscanner.net
    [INF] Found 30 subdomains for skyscanner.net in 7 seconds 358 milliseconds
    

    In config.yaml, you only need to add the following fields

    resolvers:
        - 1.1.1.1
        - 1.0.0.1
        - 8.8.8.8
        - 8.8.4.4
        - 9.9.9.9
        - 9.9.9.10
        - 77.88.8.8
        - 77.88.8.1
        - 208.67.222.222
        - 208.67.220.220
    sources:
        - quake
    all-sources:
        - quake
    quake: []
    subfinder-version: 2.4.8
    
    status:in-review 🔨 
    opened by zer0yu 7
  • Adding goflags support

    Adding goflags support

    Goflags:- https://github.com/projectdiscovery/goflags that comes with the following support

    • Auto-generated Flag configuration file
    • Long / Short formatted flag support
    • Help menu grouping support
    Priority: Medium Status: In Progress Type: Enhancement 
    opened by ehsandeep 0
  • Cloudlist integration

    Cloudlist integration

    Is your feature request related to a problem? Please describe. I've assets hosted on multiple cloud solutions and I wanted to list and include them with subfinder for my testing pipeline.

    Describe the solution you'd like cloudlist integration with subfinder.

    Priority: Medium Type: Enhancement 
    opened by ehsandeep 1
Releases(v2.4.9)
Owner
ProjectDiscovery
Security Through Intelligent Automation
ProjectDiscovery
sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.

sonarbyte Description Sonarbyte is a simple and fast subdomain scanner written in go to extract subdomains from Rapid7's DNS Database using omnisint's

Chan Nyein Wai 19 Nov 30, 2021
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

gilfoyle97 281 Nov 30, 2021
A tool get level of subdomain from 1....n

dlevel Get any level of subdomain from 1....N Install go get -u github.com/MPaandeey/dlevel Usage Example ?? files.txt hackerone.com info.hackerone.co

Maruthu Pandey 9 Nov 16, 2021
Argus is a subdomain enumeration tool

Argus Argus is a domain enumeration tool. Usage : LINUX : ./argus Windows : double click the executable or .\argus When you enter the domain name , pl

Surya Poojary 1 Nov 18, 2021
Get related domains / subdomains by looking at Google Analytics IDs

AnalyticsRelationships This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Googl

Josué Encinar 88 Nov 3, 2021
This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record

TestVac QR Core This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record (FHIR, see http

Ministerie van Volksgezondheid, Welzijn en Sport 33 Nov 22, 2021
Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl

getsubdomain Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl Installation ▶ go install github.c

Akbar Kustirama 5 Dec 1, 2021
lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具

gobusterdns lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具 适合指定dns跑内网子域名 与原版的修改 精简功能,仅支持子域名扫描 可导入domain list文件扫描

TimWhite 34 Nov 29, 2021
Subdomain takeover

CtrlSub subdomain take over tools The project is inspired by SubOver Install go get github.com/mmta41/ctrlsub Usage ./ctrlsub -l sub.host.com Todo U

Mohamad 2 Sep 30, 2021
Super simple tcp intranet penetration proxy program

A super easy to configure tcp intranet penetration proxy program that forwards intranet tcp ports to public network servers. Tested proxies for intranet HTTP services, windows remote desktop, ssh access and other scenarios.

null 8 Nov 25, 2021
AutoTrackIR will automatically re-enabled your Track IR if flight simulator disabled it. (bug introduce in SU7)

AutoTrackIR AutoTrackIR will automatically re-enable your Track IR if flight simulator disabled it. (bug introduce in SU7) How it works ? It just watc

Stéphane Depierrepont 0 Nov 27, 2021
A quick and dirty but useful tool to download each text/html page from the wayback machine for a specific domain and search for keywords within the saved content

wayback-keyword-search A quick and dirty but useful tool to download each text/html page from the wayback machine for a specific domain and search for

null 31 Dec 2, 2021
GO2P is a P2P framework, designed with flexibility and simplicity in mind

go2p golang p2p framework By v-braun - viktor-braun.de. Description GO2P is a P2P framework, designed with flexibility and simplicity in mind. You can

Viktor Braun 85 Nov 7, 2021
Use Consul to do service discovery, use gRPC +kafka to do message produce and consume. Use redis to store result.

目录 gRPC/consul/kafka简介 gRPC+kafka的Demo gRPC+kafka整体示意图 限流器 基于redis计数器生成唯一ID kafka生产消费 kafka生产消费示意图 本文kafka生产消费过程 基于pprof的性能分析Demo 使用pprof统计CPU/HEAP数据的

null 38 Jan 31, 2021
Service registration and discovery, support etcd, zookeeper, consul, etc.

discox 支持类型 zookeeper etcd consul 示例 zookeeper server package main import ( "fmt" "github.com/goeasya/discox" "os" ) func main() { cfg := discox

goeasya 2 Oct 22, 2021
A service registry and service discovery implemention for kitex based on etcd

kitex etcd Introduction kitexetcd is an implemention of service registry and service discovery for kitex based on etcd. Installation go get -u github.

null 3 Nov 27, 2021
Pure-Go library for cross-platform local peer discovery using UDP multicast :woman: :repeat: :woman:

peerdiscovery Pure-go library for cross-platform thread-safe local peer discovery using UDP multicast. I needed to use peer discovery for croc and eve

Zack 514 Nov 27, 2021
O365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365

O365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). O365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use.

Trewis [work] Scotch 1 Nov 18, 2021