A vast collection of security tools for bug bounty, pentest and red teaming

#subdomains

Chaos on offsec.tools
Sponsor
Chaos

Collect and maintain internet-wide assets data for public Bug Bounty programs.

tlsx on offsec.tools
Sponsor
tlsx

Fast and configurable TLS grabber focused on TLS based data collection.

dnsX on offsec.tools
Sponsor
dnsX

Fast and multi-purpose DNS toolkit designed for running DNS queries.

uncover on offsec.tools
Sponsor
uncover

Quickly discover exposed hosts on the internet using multiple search engines.

shuffleDNS on offsec.tools
Sponsor
shuffleDNS

Enumerate valid subdomains using active bruteforce and DNS resolution.

DNSProbe on offsec.tools
Sponsor
DNSProbe

Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

Subfinder on offsec.tools
Sponsor
Subfinder

Discovery tool that discovers valid subdomains for websites.

CertCrunchy on offsec.tools
Featured
CertCrunchy

Uses data from SSL Certificates to find potential host names.

crtndtry on offsec.tools
Featured
crtndtry

Yet another subdomain finder.

sub404 on offsec.tools
sub404

A fast tool to check subdomain takeover vulnerability.

SDBF on offsec.tools
SDBF

Smart DNS Brute Forcer.

SQLMutant on offsec.tools
SQLMutant

Searches for automated subdomain enumeration and runs SQLi tests.

moniorg on offsec.tools
moniorg

Leverage crt.sh website to monitor domains of a target.

hunter.how on offsec.tools
hunter.how

Internet search engines for security researchers.

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

celerystalk on offsec.tools
celerystalk

An asynchronous enumeration & vulnerability scanner.

Rock-ON on offsec.tools
Rock-ON

All in one recon tool that just get a single domain name and do all of the work alone.

Domain Hunter on offsec.tools
Domain Hunter

Checks expired domains to determine good candidates for phishing and C2 domain names.

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Dome on offsec.tools
Dome

Script that makes active and/or passive scan to obtain subdomains and search for open ports.

Shodan on offsec.tools
Shodan

Search engine for Internet-connected devices.

Netlas.io on offsec.tools
Netlas.io

Netlas.io is the network atlas of Internet. IP, DNS, Web, IoT devices, and etc.

AORT on offsec.tools
AORT

All in one recon tool for bug bounty.

Sub-Drill on offsec.tools
Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services.

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

LiveTargetsFinder on offsec.tools
LiveTargetsFinder

Generates lists of live hosts and URLs.

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

Subra on offsec.tools
Subra

A Web-UI for subdomain enumeration.

fprobe on offsec.tools
fprobe

Take a list of domains/subdomains and probe for working http/https server.

Async DNS Brute on offsec.tools
Async DNS Brute

DNS asynchronous brute force utility.

MagicRecon on offsec.tools
MagicRecon

A powerful shell script to maximize the recon and data collection process.

haktldextract on offsec.tools
haktldextract

Extract domains/subdomains from URLs en masse.

gwdomains on offsec.tools
gwdomains

Sub domain wild card filtering tool.

vhosts-sieve on offsec.tools
vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

SonarSearch on offsec.tools
SonarSearch

A rapid API for the project Sonar dataset.

SecurityTrails on offsec.tools
SecurityTrails

Data for Security companies, researchers and teams.

Certificate Search on offsec.tools
Certificate Search

Get informations about SSL certificates.

GoAltdns on offsec.tools
GoAltdns

A permutation generation tool written in golang.

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

GSAN on offsec.tools
GSAN

Extract subdomains from SSL certificates in HTTPS sites.

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

ScreenShooter on offsec.tools
ScreenShooter

Convert your masscan/subdomain-scan results into screenshots for better analysis.

domain_hunter on offsec.tools
domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

GyoiThon on offsec.tools
GyoiThon

Growing penetration test tool using Machine Learning.

Domain Analyzer on offsec.tools
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

CTFR on offsec.tools
CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Scout on offsec.tools
Scout

Discover a web server's undisclosed files, directories and VHOSTs.

AutoRecon on offsec.tools
AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

AttackSurfaceMapper on offsec.tools
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

SiteBroker on offsec.tools
SiteBroker

Utility for information gathering and penetration testing automation.

Certificate Ripper on offsec.tools
Certificate Ripper

A CLI tool to extract server certificates.

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

OneForAll on offsec.tools
OneForAll

A powerful subdomain integration tool.

csprecon on offsec.tools
csprecon

Discover new target domains using Content Security Policy.

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

takeover on offsec.tools
takeover

A tool for testing subdomain takeover possibilities at a mass scale.

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

HostileSubBruteforcer on offsec.tools
HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

tko-subs on offsec.tools
tko-subs

A tool that can help detect and takeover subdomains with dead DNS records.

subHijack on offsec.tools
subHijack

Hijacking forgotten & misconfigured subdomains.

cnames on offsec.tools
cnames

Take a list of resolved subdomains and output any corresponding CNAMES en masse.

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

NSBrute on offsec.tools
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

autoSubTakeover on offsec.tools
autoSubTakeover

A tool used to check if a CNAME resolves to the scope address.

SubOver on offsec.tools
SubOver

A Powerful Subdomain Takeover Tool.

s3cario on offsec.tools
s3cario

Performs buckets checks from a given list of subdomains.

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

MSDNSScan on offsec.tools
MSDNSScan

Identify DNS records, check for zone transfers and conduct subdomain enumeration.

sub-domain enumeration techniques on offsec.tools
sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

WitnessMe on offsec.tools
WitnessMe

Web Inventory tool, takes screenshots and provides some extra bells&whistles to make life easier.

Sub3 Suite on offsec.tools
Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

Scilla on offsec.tools
Scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.

brutesubs on offsec.tools
brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

Substr3am on offsec.tools
Substr3am

Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.

As3nt on offsec.tools
As3nt

Another Subdomain ENumeration Tool.

TugaRecon on offsec.tools
TugaRecon

Subdomains enumeration tool for penetration testers.

Censys Enumeration on offsec.tools
Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Turbolist3r on offsec.tools
Turbolist3r

Subdomain enumeration tool with analysis features for discovered domains.

Censys subdomain finder on offsec.tools
Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

domained on offsec.tools
domained

Multi Tool Subdomain Enumeration.

dnsenum on offsec.tools
dnsenum

Enumerates DNS information of a domain and to discover non-contiguous ip blocks.

DNSRecon on offsec.tools
DNSRecon

DNS Enumeration Script.

mx-takeover on offsec.tools
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

cero on offsec.tools
cero

Scrape domain names from SSL certificates of arbitrary hosts.

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

DNSTake on offsec.tools
DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

Rengine on offsec.tools
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

GET-ACQ on offsec.tools
GET-ACQ

Gather all companies acquired by a given company domain name.

mksub on offsec.tools
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds.

theHarvester on offsec.tools
theHarvester

E-mails, subdomains and names Harvester.

Th3inspector on offsec.tools
Th3inspector

All in one tool for Information Gathering.

github-subdomains on offsec.tools
github-subdomains

Find subdomains on GitHub.

puredns on offsec.tools
puredns

Puredns is a fast domain resolver & subdomain bruteforcing tool.

gotator on offsec.tools
gotator

Generates DNS wordlists through permutations.

SpiderFoot on offsec.tools
SpiderFoot

Automates OSINT for threat intelligence and mapping your attack surface.

favicon-hashtrick on offsec.tools
favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

dnsgen on offsec.tools
dnsgen

Generates combination of domain names from the provided input.

dnscan on offsec.tools
dnscan

Python wordlist-based DNS subdomain scanner.

Sublert on offsec.tools
Sublert

Monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

Altdns on offsec.tools
Altdns

Generates permutations, alterations and mutations of subdomains and then resolves them.

Virtual host scanner on offsec.tools
Virtual host scanner

A script to enumerate virtual hosts on a server.

Findomain on offsec.tools
Findomain

The complete solution for domain recognition.

subzuf on offsec.tools
subzuf

A smart DNS response-guided subdomain fuzzer.

related-domains on offsec.tools
related-domains

Find related domains of a given domain.

gitlab-subdomains on offsec.tools
gitlab-subdomains

Find subdomains on GitLab.

regulator on offsec.tools
regulator

Automated learning of regexes for DNS discovery.

dsieve on offsec.tools
dsieve

Filter and enrich a list of subdomains by level.

hakrevdns on offsec.tools
hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

GRecon on offsec.tools
GRecon

Run a Google based passive recon against your scope.

assetfinder on offsec.tools
assetfinder

Find domains and subdomains related to a given domain.

Knockpy on offsec.tools
Knockpy

Knock Subdomain Scan.

SubBrute on offsec.tools
SubBrute

A DNS meta-query spider that enumerates DNS records, and subdomains.

Sublist3r on offsec.tools
Sublist3r

Fast subdomains enumeration tool for penetration testers.

Amass on offsec.tools
Amass

In-depth Attack Surface Mapping and Asset Discovery.