Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.

Overview

subfinder

Fast passive subdomain enumeration tool.

FeaturesInstallUsageAPI SetupLicenseJoin Discord


Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well.

We have designed subfinder to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.

Features

subfinder

  • Fast and powerful resolution and wildcard elimination module
  • Curated passive sources to maximize results
  • Multiple Output formats supported (Json, File, Stdout)
  • Optimized for speed, very fast and lightweight on resources
  • STDIN/OUT support for integrating in workflows

Usage

subfinder -h

This will display help for the tool. Here are all the switches it supports.

Flag Description Example
-all Use all sources (slow) for enumeration subfinder -d uber.com -all
-config Configuration file for API Keys, etc subfinder -config config.yaml
-d Domain to find subdomains for subfinder -d uber.com
-dL File containing list of domains to enumerate subfinder -dL hackerone-hosts.txt
-exclude-sources List of sources to exclude from enumeration subfinder -exclude-sources archiveis
-max-time Minutes to wait for enumeration results (default 10) subfinder -max-time 1
-nC Don't Use colors in output subfinder -nC
-nW Remove Wildcard & Dead Subdomains from output subfinder -nW
-ls List all available sources subfinder -ls
-o File to write output to (optional) subfinder -o output.txt
-oD Directory to write enumeration results to (optional) subfinder -oD ~/outputs
-oI Write output in Host,IP format subfinder -oI
-oJ Write output in JSON lines Format subfinder -oJ
-r Comma-separated list of resolvers to use subfinder -r 1.1.1.1,1.0.0.1
-rL Text file containing list of resolvers to use subfinder -rL resolvers.txt
-recursive Enumeration recursive subdomains subfinder -d news.yahoo.com -recursive
-silent Show only subdomains in output subfinder -silent
-sources Comma separated list of sources to use subfinder -sources shodan,censys
-t Number of concurrent goroutines for resolving (default 10) subfinder -t 100
-timeout Seconds to wait before timing out (default 30) subfinder -timeout 30
-v Show Verbose output subfinder -v
-version Show current program version subfinder -version

Installation

Subfinder requires go1.14+ to install successfully. Run the following command to get the repo -

▶ GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder

Post Installation Instructions

Subfinder will work after using the installation instructions however to configure Subfinder to work with certain services, you will need to have setup API keys. The following services do not work without an API key:

Theses values are stored in the $HOME/.config/subfinder/config.yaml file which will be created when you run the tool for the first time. The configuration file uses the YAML format. Multiple API keys can be specified for each of these services from which one of them will be used for enumeration.

For sources that require multiple keys, namely Censys, Passivetotal, they can be added by separating them via a colon (:).

An example config file -

resolvers:
  - 1.1.1.1
  - 1.0.0.1
sources:
  - binaryedge
  - bufferover
  - censys
  - passivetotal
  - sitedossier
binaryedge:
  - 0bf8919b-aab9-42e4-9574-d3b639324597
  - ac244e2f-b635-4581-878a-33f4e79a2c13
censys:
  - ac244e2f-b635-4581-878a-33f4e79a2c13:dd510d6e-1b6e-4655-83f6-f347b363def9
certspotter: []
passivetotal:
  - [email protected]:sample_password
securitytrails: []
shodan:
  - AAAAClP1bJJSRMEYJazgwhJKrggRwKA
github:
  - d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
  - asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39

Running Subfinder

To run the tool on a target, just use the following command.

▶ subfinder -d example.com

The verbose flag v can be used to display verbose information.

[bufferover] lutin.dima.example.com
[bufferover] izosimdima.example.com
[bufferover] glazkovdima.example.com
[bufferover] dengshima.example.com
[bufferover] wwwkima.example.com
[bufferover] proxima.example.com
[bufferover] mma.example.com
[bufferover] damidoma.example.com
[bufferover] nomerdoma.example.com
[bufferover] soti.croma.example.com

The -o command can be used to specify an output file.

▶ subfinder -d example.com -o output.txt

To run the tool on a list of domains, -dL option can be used. This requires a directory to write the output files. Subdomains for each domain from the list are written in a text file in the directory specified by the -oD flag with their name being the domain name.

▶ cat domains.txt
hackerone.com
google.com

▶ subfinder -dL domains.txt -oD ~/path/to/output
▶ ls ~/path/to/output

hackerone.com.txt
google.com.txt

You can also get output in json format using -oJ switch. This switch saves the output in the JSON lines format.

If you use the JSON format, or the Host:IP format, then it becomes mandatory for you to use the -nW format as resolving is essential for these output format. By default, resolving the found subdomains is disabled.

▶ subfinder -d hackerone.com -o output.json -oJ -nW
▶ cat output.json

{"host":"www.hackerone.com","ip":"104.16.99.52"}
{"host":"mta-sts.hackerone.com","ip":"185.199.108.153"}
{"host":"hackerone.com","ip":"104.16.100.52"}
{"host":"mta-sts.managed.hackerone.com","ip":"185.199.110.153"}

The subdomains discovered can be piped to other tools too. For example, you can pipe the subdomains discovered by subfinder to httpx httpx which will then find running http servers on the host.

echo hackerone.com | subfinder -silent | httpx -silent

http://hackerone.com
http://www.hackerone.com
http://docs.hackerone.com
http://api.hackerone.com
https://docs.hackerone.com
http://mta-sts.managed.hackerone.com

Subfinder with docker

You can use the official dockerhub image at subfinder. Simply run -

▶ docker pull projectdiscovery/subfinder

The above command will pull the latest tagged release from the dockerhub repository.

If you want to build the container yourself manually, git clone the repo, then build and run the following commands

  • Clone the repo using git clone https://github.com/projectdiscovery/subfinder.git
  • Build your docker container
docker build -t projectdiscovery/subfinder .

If you are using docker, you need to first create your directory structure holding subfinder configuration file. After modifying the default config.yaml file, you can run:

▶ mkdir -p $HOME/.config/subfinder
▶ cp config.yaml $HOME/.config/subfinder/config.yaml
▶ nano $HOME/.config/subfinder/config.yaml

After that, you can pass it as a volume using the following sample command.

▶ docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it projectdiscovery/subfinder -d example.com

For example, this runs the tool against example.com and output the results to your host file system:

docker run -v $HOME/.config/subfinder:/root/.config/subfinder -it projectdiscovery/subfinder -d example.com > example.com.txt

Resources

License

subfinder is made with 🖤 by the projectdiscovery team. Community contributions have made the project what it is. See the Thanks.md file for more details.

Read the disclaimer for usage at DISCLAIMER.md and contact us for any API removal.

Comments
  • Docker configuration persistence errors

    Docker configuration persistence errors

    What's the problem (or question)?

    Config file error while running the binary even config file placed under $GOPATH/bin

    Do you have an idea for a solution?

    Not sure!

    How can we reproduce the issue?

    1. Run the subfinder from anywhere in root path

    What are the running context details?

    • Installation method (go get):
    • Client OS (Ubuntu)
    [email protected]:~# ls $GOPATH/bin | grep config
    config.json
    [email protected]:~# subfinder 
    
                 __     ___ __          __            
    .-----.--.--|  |--.'  _|__.-----.--|  .-----.----.
    |__ --|  |  |  _  |   _|  |     |  _  |  -__|   _|
    |_____|_____|_____|__| |__|__|__|_____|_____|__|  
    
    SubFinder v0.1.0          Made with ❤ by @Ice3man
    ==================================================open ./config.json: no such file or directory
    [email protected]:~# 
    
    Type: Bug 
    opened by ehsandeep 23
  • Could not run enumeration (too many open files error)

    Could not run enumeration (too many open files error)

    What's the problem (or question)?

    While performing an automatic scan, the following problem occurred:

    [FTL] Could not run enumeration: open /11/miningpools.cloud.txt: too many open files After this message Subfinder stopped working.

    How can we reproduce the issue?

    1. Start Subfinder with the following command, cat '/URLsToScan.txt' | 'go/bin/subfinder' -config '/Config/subfinder/config.yaml' -t 100 -timeout 1 -silent -oD /11/ | tee /URLsToScanDONEsubfinder.txt After 1034 URLS the error occurred. I don't know if it is a problem in Subfinder or again a problem with my internet connection.

    What are the running context details?

    • Installation method (e.g. pip, apt-get, git clone or zip/tar.gz): GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/cmd/subfinder
    • Client OS : Linux
    • Program version (see banner): 2.3.4
    • Exception traceback (if any): [FTL] Could not run enumeration: open /11/miningpools.cloud.txt: too many open files
    Priority: Medium Type: Bug 
    opened by ZeroDot1 19
  • panic while running job: runtime error: invalid memory address or nil pointer dereference

    panic while running job: runtime error: invalid memory address or nil pointer dereference

    The application crashes with some domains, maybe invalid responses are not handled properly somewhere in code...

    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
            panic: interface conversion: interface {} is runtime.errorString, not string
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x6b9d9b]
    
    goroutine 36 [running]:
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc420074af0)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:61 +0x163
    panic(0x717da0, 0x93b9f0)
            /usr/local/go/src/runtime/panic.go:502 +0x229
    github.com/subfinder/subfinder/libsubfinder/sources/ipv4info.Query(0xc4200e6a60, 0x2, 0x2, 0x68c801, 0x101)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/sources/ipv4info/ipv4info.go:99 +0x8fb
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker(0xc420096b40, 0xc420074af0)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).worker(0xc420096b40, 0x11)
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).Run
            /home/ec2-user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:181 +0x7f
    
    Type: Bug 
    opened by TvMpt 19
  • Passive Engine Re-write for Paralellism

    Passive Engine Re-write for Paralellism

    • Passive engine rewrite: Ok
    • General code refactor: Ok
    • some missing code: Fixed (Need to be tested)

    @codingo @Ice3man543

    Changelog

    • Introduced general pool backbone (applied to passive and resolver engines)
    • Passive engine now works in parallel
    Type: Enhancement 
    opened by Mzack9999 17
  • [Issue] mkdir permission denied

    [Issue] mkdir permission denied

    Describe the bug [FTL] Could not get user home: mkdir /home/ubuntu/.config/subfinder: permission denied

    Subfinder version Include the version of subfinder you are using, subfinder -version I am guessing its the latest version as of the day of posting, i used "go get -u -v github.com/projectdiscovery/subfinder/cmd/subfinder"

    Complete command you used to reproduce this subfinder -h

    Screenshots Add screenshots of the error for a better context. See above

    Type: Question 
    opened by gbiagomba 16
  • panic while running job

    panic while running job

    The error just happened when I checked the URL., I hope the log and the Subfinder version I used can help to solve the problem. subfinder.zip

    $ '/home/user/AppImages/subfinder' -v -r 1.1.1.1,8.8.8.8 -d hashpower.co
    ===============================================
    -=Subfinder v1.1 github.com/subfinder/subfinder
    ===============================================
    
    
    Running Source: Ask
    Running Source: Archive.is
    Running Source: Baidu
    Running Source: Bing
    Running Source: Censys
    Running Source: CertDB
    Running Source: CertificateTransparency
    Running Source: Certspotter
    Running Source: Crt.sh
    Running Source: Dnsdb
    Running Source: DNSDumpster
    Running Source: Dogpile
    Running Source: Exalead
    Running Source: Findsubdomains
    Running Source: Googleter
    Running Source: Hackertarget
    Running Source: Ipv4Info
    Running Source: Netcraft
    Running Source: PassiveTotal
    Running Source: PTRArchive
    Running Source: Riddler
    Running Source: Securitytrails
    Running Source: SSLCertificates
    Running Source: Shodan
    Running Source: Sitedossier
    Running Source: Threatcrowd
    Running Source: ThreatMiner
    Running Source: Virustotal
    Running Source: WaybackArchive
    Running Source: Yahoo
    
    Found Wildcard DNS at hashpower.co
     - 185.53.178.6
    Running enumeration on hashpower.co
    
    archiveis: Get http://archive.is/*.hashpower.co: dial tcp: lookup archive.is: Temporary failure in name resolution
    
    [DNSDB] www.hashpower.co
    riddler: failed to get authentication token
    
    [SECURITYTRAILS] www.hashpower.co
    [WAYBACKARCHIVE] hashpower.co
    [HACKERTARGET] hashpower.co2018/07/02 19:20:16 panic while running job: runtime error: invalid memory address or nil pointer dereference
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: interface conversion: interface {} is runtime.errorString, not string
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x6bdc30]
    
    goroutine 39 [running]:
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc4202c4190)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:61 +0x163
    panic(0x7148a0, 0x92a970)
    	/usr/lib/go/src/runtime/panic.go:502 +0x229
    github.com/subfinder/subfinder/libsubfinder/sources/sslcertificates.Query(0xc4201c01a0, 0x2, 0x2, 0x6a6601, 0x940101)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/sources/sslcertificates/sslcertificates.go:35 +0xf0
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).subworker(0xc4201ee000, 0xc4202c4190)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).worker(0xc4201ee000, 0x3)
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/subfinder/subfinder/libsubfinder/helper.(*Pool).Run
    	/home/user/go/src/github.com/subfinder/subfinder/libsubfinder/helper/pool.go:181 +0x7f
    [[email protected] ~]$ 
    
    
    opened by ZeroDot1 16
  • urlscan.io ?

    urlscan.io ?

    Is it possible to use urlscan.io to search for subdomains and include it in Subfinder? https://urlscan.io/about-api/ https://urlscan.io/

    https://github.com/heywoodlh/urlscan-py/blob/master/bin/urlscan

    Type: Enhancement 
    opened by ZeroDot1 15
  • panic while running job: runtime error: invalid memory address or nil pointer dereference

    panic while running job: runtime error: invalid memory address or nil pointer dereference

    2018/06/22 09:58:53 panic while running job: runtime error: invalid memory address or nil pointer dereference
    panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    	panic: interface conversion: interface {} is runtime.errorString, not string
    [signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x12bb293]
    
    goroutine 93 [running]:
    github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).subworker.func1(0xc4200888c0)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/helper/pool.go:61 +0x163
    panic(0x1313a00, 0x152d8e0)
    	/usr/local/Cellar/go/1.10.1/libexec/src/runtime/panic.go:502 +0x229
    github.com/Ice3man543/subfinder/libsubfinder/sources/riddler.Query(0xc4200ee900, 0x2, 0x2, 0x12a8701, 0x101)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/sources/riddler/riddler.go:57 +0x273
    github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).subworker(0xc420092aa0, 0xc4200888c0)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/helper/pool.go:64 +0x6e
    github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).worker(0xc420092aa0, 0x1a)
    	/Users/hehe/go/src/github.com/Ice3man543/subfinder/libsubfinder/helper/pool.go:78 +0xb3
    created by github.com/Ice3man543/subfinder/libsubfinder/helper.(*Pool).Run
    
    

    when I run this program, the program stopped by above error. I didn't debug your program. so I'm not sure what the real problem is. by the way, I live in China, I guess this situation may be caused by internet firewall.

    opened by imnewbe 12
  • [Issue] Docker build not working anymore (undefined: gologger.Warningf)

    [Issue] Docker build not working anymore (undefined: gologger.Warningf)

    $ docker build -t subfinder https://github.com/subfinder/subfinder.git
    Sending build context to Docker daemon  2.493MB
    Step 1/8 : FROM golang:1.13.4-alpine3.10 AS build-env
     ---> 3024b4e742b0
    Step 2/8 : MAINTAINER Ice3man ([email protected])
     ---> Using cache
     ---> 1fe09315eae2
    Step 3/8 : RUN apk add --no-cache --upgrade git openssh-client ca-certificates
     ---> Using cache
     ---> 0deb55f0c8f8
    Step 4/8 : RUN go get -u github.com/golang/dep/cmd/dep
     ---> Using cache
     ---> d8a9be51b68d
    Step 5/8 : RUN go get -u github.com/projectdiscovery/subfinder/v2/cmd/subfinder
     ---> Running in ddc9d50a02d2
    # github.com/projectdiscovery/subfinder/v2/pkg/subscraping
    src/github.com/projectdiscovery/subfinder/v2/pkg/subscraping/agent.go:93:4: undefined: gologger.Warningf
    The command '/bin/sh -c go get -u github.com/projectdiscovery/subfinder/v2/cmd/subfinder' returned a non-zero code: 2
    

    Any idea why ?

    Thanks,

    Type: Question 
    opened by phackt 10
  • Initial adoption of golangci-lint for continuous integration

    Initial adoption of golangci-lint for continuous integration

    Implements #277

    Needs revision, it should be set as a draft for further improvement before confirming the merge.

    There are several linters that I have disabled because for now it is a lot of work to correct the errors, for example

    • funlen: Detection of long functions.
    • gocyclo: Calculates cyclomatic complexities.
    • gosec: Inspects source code for security problems.
    • lll: Line length linter, used to enforce line length in files.

    and I have added some directives to skip the checks with (nolint) because they need a small refactor but I think it's fine for now, we can improve it in the future.

    Changes need in-depth review to make sure nothing is broken and that they are appropriate.

    If you want to test this locally with https://github.com/nektos/act you'll have to add an additional step before "Set up Go" due to a dependencies error of the nektos/act default docker image.

        steps:
          - name: Install dependencies
            run: |
              apt update
              apt install gcc build-essential --assume-yes --quiet --no-install-suggests --no-install-recommends
    
          - name: Set up Go
            uses: actions/[email protected]
            with:
              go-version: 1.13
    

    Note I added a new step golangci-lint after Build step instead of adding a new workflow file as https://github.com/golangci/golangci-lint-action#how-to-use recommends, but in the future we could move it to its own file to have better control over the actions of the GitHub workflow.

    I think the configuration is not very strict but it ensures a minimum quality of the code, if you consider it appropriate we can add other linters to make it more strict, but we have to think about it in order to facilitate the work of the collaborators in new pull requests.

    We have an open discussion here.

    I have do my best, I apologize in advance for any possible problems that may arise.

    Status: Accepted Status: Completed 
    opened by vzamanillo 9
  • go/src/github.com/projectdiscovery/subfinder/pkg/subscraping/agent.go:37:14: undefined: http.NewRequestWithContext

    go/src/github.com/projectdiscovery/subfinder/pkg/subscraping/agent.go:37:14: undefined: http.NewRequestWithContext

    What's the problem (or question)?

    Do you have an idea for a solution?

    How can we reproduce the issue?

    What are the running context details?

    • Installation method (e.g. pip, apt-get, git clone or zip/tar.gz):
    • Client OS (e.g. Microsoft Windows 10)
    • Program version (see banner):
    • Relevant console output (if any):
    • Exception traceback (if any):
    opened by itachisec 9
  • chore(deps): bump github.com/projectdiscovery/ratelimit from 0.0.1 to 0.0.2 in /v2

    chore(deps): bump github.com/projectdiscovery/ratelimit from 0.0.1 to 0.0.2 in /v2

    Bumps github.com/projectdiscovery/ratelimit from 0.0.1 to 0.0.2.

    Release notes

    Sourced from github.com/projectdiscovery/ratelimit's releases.

    Release v0.0.2

    0.0.2 (2022-11-27)

    Commits
    • c596b7e Merge pull request #16 from projectdiscovery/issue-15-autorelease
    • 02f6759 maintenance & autorelase gh action
    • 01b3991 Merge pull request #13 from projectdiscovery/dependabot/github_actions/main/g...
    • cc881a4 chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
    • 7a7045e Merge pull request #12 from projectdiscovery/8-multiplatform-build
    • 89f0f79 added and tested build on linux,win and macos
    • 0635bd6 Replacing signed int with agnostic uint (#6)
    • b52c99a Merge pull request #10 from projectdiscovery/issue-7-lib-example
    • 9b8cc09 small refactor
    • 75cb8d0 fix godoc link
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    Type: Maintenance 
    opened by dependabot[bot] 0
  • Remove reconcloud and threatminer

    Remove reconcloud and threatminer

    Subfinder version:

    dev

    Current Behavior:

    API's for reconcloud and threatminer not working. reconcloud have cloudflare bot protection to their api and threatminer api is not working anymore.

    Expected Behavior:

    Remove them from subfinder sources

    https://api.threatminer.org/v2/domain.php?q=hackerone.com&rt=5 https://recon.cloud/api/search?domain=google.com

    Type: Bug Type: Maintenance 
    opened by ShubhamRasal 1
  • Default internal rate limit per source

    Default internal rate limit per source

    We can set a global rate limit (per session) but not per source.

    Not all sources are the same, there are some that respond efficiently and some that are not, I think we would need to be able to set a default (internal) rate limit to reduce the probability of error (e.g: CommonCrawl).

    The default rate limit of the source would be overridden if a rate limit was provided for the session (global).

    Type: Enhancement 
    opened by vzamanillo 0
  • Source composition with base embed source

    Source composition with base embed source

    • Treats sources as interfaces
    • Every source embeds a proper base source to prevent code duplication
    • Adds source type and API key type to extend the source information when listing the available sources.

    imagen

    opened by vzamanillo 1
  • Support custom DNSDB server

    Support custom DNSDB server

    You should be able to set a custom passive DNS - DNSDB server in the config file.

    To use CIRC.LU, SIE Europe etc as DNSDB source.

    https://github.com/projectdiscovery/subfinder/blob/cf37fb438f3839c5a8bf7223afaff313e74aa7ee/v2/pkg/subscraping/sources/dnsdb/dnsdb.go#L43

    Type: Enhancement 
    opened by emilstahl 1
Releases(v2.5.5)
Owner
ProjectDiscovery
Security Through Intelligent Automation
ProjectDiscovery
Subdomain scanner, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

ksubdomain是一款基于无状态的子域名爆破工具,类似无状态端口扫描,支持在Windows/Linux/Mac上进行快速的DNS爆破,在Mac和Windows上理论最大发包速度在30w/s,linux上为160w/s。 hacking8信息流的src资产收集 https://i.hacking8

boyhack 544 Nov 25, 2022
sonarbyte is a simple and fast subdomain scanner written in go to extract subdomain from Rapid7's DNS Database using omnisint's api.

sonarbyte Description Sonarbyte is a simple and fast subdomain scanner written in go to extract subdomains from Rapid7's DNS Database using omnisint's

Chan Nyein Wai 22 Jul 27, 2022
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration

gilfoyle97 534 Nov 21, 2022
Ffind - A tool to find files of interest on a compromised host during a penetration test

ffind ffind is a tool to find files of interest on a compromised host during a p

Alexis Rodriguez 7 Jul 25, 2022
Get related domains / subdomains by looking at Google Analytics IDs

AnalyticsRelationships This script try to get related domains / subdomains by looking at Google Analytics IDs from a URL. First search for ID of Googl

Josué Encinar 156 Nov 23, 2022
Generate wordlist from already collected subdomains for bruteforcing purposes.

goSubsWordlist Generate a wordlist from a list of already discovered subdomains. This list can be used for further bruteforcing for more subdomains. I

kenjoe41 4 Sep 25, 2022
A tool get level of subdomain from 1....n

dlevel Get any level of subdomain from 1....N Install go get -u github.com/MPaandeey/dlevel Usage Example ?? files.txt hackerone.com info.hackerone.co

Maruthu Pandey 7 Jul 6, 2022
Argus is a subdomain enumeration tool

Argus Argus is a domain enumeration tool. Usage : LINUX : ./argus Windows : double click the executable or .\argus When you enter the domain name , pl

Surya Poojary 2 Apr 28, 2022
JPRQ Customizer is a customizer that helps to use the JPRQ server code and make it compatible with your own server with custom subdomain and domain

JPRQ Customizer is a customizer that helps to use the JPRQ server code and make it compatible with your own server with custom subdomain and domain.You can upload the generated directory to your web server and expose user localhost to public internet. You can use this to make your local machine a command center for your ethical hacking purpose ;)

Abir Ghosh 1 Jan 19, 2022
Echo-server - An HTTP echo server designed for testing applications and proxies

echo-server An HTTP echo server designed for testing applications and proxies. R

Erik Cavalcanti 6 Sep 16, 2022
This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record

TestVac QR Core This is a proof of concept (PoC) for creating a QR code system for proving that one has had a valid vaccination record (FHIR, see http

Ministerie van Volksgezondheid, Welzijn en Sport 39 Oct 5, 2022
TLDs finder: check domain name availability across all valid top-level domains

TLD:er TLDs finder — check domain name availability across all valid top-level d

Dwi Siswanto 50 Oct 31, 2022
Go-http-sleep: Delayed response http server, useful for testing various timeout issue for application running behind proxy

delayed response http server, useful for testing various timeout issue for application running behind proxy

guessi 0 Jan 22, 2022
Super simple tcp intranet penetration proxy program

A super easy to configure tcp intranet penetration proxy program that forwards intranet tcp ports to public network servers. Tested proxies for intranet HTTP services, windows remote desktop, ssh access and other scenarios.

null 17 Nov 14, 2022
Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl

getsubdomain Get subdomain list and check whether they are active or not by each response code. Using API by c99.nl Installation ▶ go install github.c

Akbar Kustirama 10 Oct 24, 2022
lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具

gobusterdns lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具 适合指定dns跑内网子域名 与原版的修改 精简功能,仅支持子域名扫描 可导入domain list文件扫描

TimWhite 39 Nov 9, 2022
Subdomain takeover

CtrlSub subdomain take over tools The project is inspired by SubOver Install go get github.com/mmta41/ctrlsub Usage ./ctrlsub -l sub.host.com Todo U

Mohamad 2 Sep 30, 2021
Subdomain finder based on crt.sh

GoSub Subdomain finder based on crt.sh This will simply make an HTTP request to crt.sh passing the URL you provided, parse the results and print the s

Nicholas Ferreira 3 Aug 29, 2022