#subdomains

alterx on offsec.tools
Sponsor
alterx

Fast and customizable subdomain wordlist generator using DSL.

Chaos on offsec.tools
Sponsor
Chaos

Collect and maintain internet-wide assets data for public Bug Bounty programs.

dnsX on offsec.tools
Sponsor
dnsX

Fast and multi-purpose DNS toolkit designed for running DNS queries.

tlsx on offsec.tools
Sponsor
tlsx

Fast and configurable TLS grabber focused on TLS based data collection.

uncover on offsec.tools
Sponsor
uncover

Quickly discover exposed hosts on the internet using multiple search engines.

DNSProbe on offsec.tools
Sponsor
DNSProbe

Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

shuffleDNS on offsec.tools
Sponsor
shuffleDNS

Enumerate valid subdomains using active bruteforce and DNS resolution.

Subfinder on offsec.tools
Sponsor
Subfinder

Discovery tool that discovers valid subdomains for websites.

subzy on offsec.tools
subzy

Subdomain takeover vulnerability checker.

WhoisXMLAPI on offsec.tools
WhoisXMLAPI

Domain & IP data intelligence for greater enterprise security.

resolvers on offsec.tools
resolvers

The most exhaustive list of reliable DNS resolvers.

Kaeferjaeger on offsec.tools
Kaeferjaeger

Lists of resources: cdn ranges, ips ranges, sni ip ranges...

ripgen on offsec.tools
ripgen

Rust-based high performance domain permutation generator.

karma v2 on offsec.tools
karma v2

Passive open source intelligence automated reconnaissance.

shosubgo on offsec.tools
shosubgo

Small tool to grab subdomains using Shodan API.

bbot on offsec.tools
bbot

OSINT automation for hackers.

FavFreak on offsec.tools
FavFreak

Making favicon.ico based recon great again.

SubScraper on offsec.tools
SubScraper

Perform subdomain enumeration through various techniques and retrieve detailed output.

Fresh Resolvers on offsec.tools
Fresh Resolvers

List of fresh DNS resolvers updated every 12h.

subnerium on offsec.tools
subnerium

A fast passive subdomain enumeration tool that uses various sources to gather data.

hakip2host on offsec.tools
hakip2host

Takes a list of IP addresses then does a series of checks to return associated domain names.

hakoriginfinder on offsec.tools
hakoriginfinder

Discover the origin host behind a reverse proxy, useful for bypassing cloud WAFs!.

haktrails on offsec.tools
haktrails

Golang client for querying SecurityTrails API data.

SubGPT on offsec.tools
SubGPT

Find subdomains with GPT, for free.

wildcrawl on offsec.tools
wildcrawl

Crawls URL to get a better image of what is tied to a website.

fastsub on offsec.tools
fastsub

A DNS bruteforcer with multi-threading, and handling of bad resolvers.

subtake on offsec.tools
subtake

Extension of sublister tool to check for subdomain takeovers.

SubdomainFinder on offsec.tools
SubdomainFinder

Find subdomains by searching public certificate records.

GPT_Vuln-Analyzer on offsec.tools
GPT_Vuln-Analyzer

A powerful network scanner, DNS recon, subdomain enumeration and IP Geolocator tool powered by GPT.

github-regexp on offsec.tools
github-regexp

Basically a regexp over a GitHub search.

sub404 on offsec.tools
sub404

A fast tool to check subdomain takeover vulnerability.

SDBF on offsec.tools
SDBF

Smart DNS Brute Forcer.

SQLMutant on offsec.tools
SQLMutant

Searches for automated subdomain enumeration and runs SQLi tests.

moniorg on offsec.tools
moniorg

Leverage crt.sh website to monitor domains of a target.

hunter.how on offsec.tools
hunter.how

Internet search engines for security researchers.

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

celerystalk on offsec.tools
celerystalk

An asynchronous enumeration & vulnerability scanner.

Rock-ON on offsec.tools
Rock-ON

All in one recon tool that just get a single domain name and do all of the work alone.

Domain Hunter on offsec.tools
Domain Hunter

Checks expired domains to determine good candidates for phishing and C2 domain names.

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

Dome on offsec.tools
Dome

Script that makes active and/or passive scan to obtain subdomains and search for open ports.

Shodan on offsec.tools
Shodan

Search engine for Internet-connected devices.

Netlas.io on offsec.tools
Netlas.io

Netlas.io is the network atlas of Internet. IP, DNS, Web, IoT devices, and etc.

AORT on offsec.tools
AORT

All in one recon tool for bug bounty.

Sub-Drill on offsec.tools
Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services.

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

LiveTargetsFinder on offsec.tools
LiveTargetsFinder

Generates lists of live hosts and URLs.

fprobe on offsec.tools
fprobe

Take a list of domains/subdomains and probe for working http/https server.

Subra on offsec.tools
Subra

A Web-UI for subdomain enumeration.

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

Async DNS Brute on offsec.tools
Async DNS Brute

DNS asynchronous brute force utility.

gwdomains on offsec.tools
gwdomains

Sub domain wild card filtering tool.

haktldextract on offsec.tools
haktldextract

Extract domains/subdomains from URLs en masse.

MagicRecon on offsec.tools
MagicRecon

A powerful shell script to maximize the recon and data collection process.

SonarSearch on offsec.tools
SonarSearch

A rapid API for the project Sonar dataset.

vhosts-sieve on offsec.tools
vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

Certificate Search on offsec.tools
Certificate Search

Get informations about SSL certificates.

SecurityTrails on offsec.tools
SecurityTrails

Data for Security companies, researchers and teams.

GoAltdns on offsec.tools
GoAltdns

A permutation generation tool written in golang.

CertCrunchy on offsec.tools
CertCrunchy

Uses data from SSL Certificates to find potential host names.

GSAN on offsec.tools
GSAN

Extract subdomains from SSL certificates in HTTPS sites.

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

ScreenShooter on offsec.tools
ScreenShooter

Convert your masscan/subdomain-scan results into screenshots for better analysis.

domain_hunter on offsec.tools
domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

Domain Analyzer on offsec.tools
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

GyoiThon on offsec.tools
GyoiThon

Growing penetration test tool using Machine Learning.

CTFR on offsec.tools
CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

Scout on offsec.tools
Scout

Discover a web server's undisclosed files, directories and VHOSTs.

SiteBroker on offsec.tools
SiteBroker

Utility for information gathering and penetration testing automation.

AttackSurfaceMapper on offsec.tools
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

AutoRecon on offsec.tools
AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

Certificate Ripper on offsec.tools
Certificate Ripper

A CLI tool to extract server certificates.

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

OneForAll on offsec.tools
OneForAll

A powerful subdomain integration tool.

csprecon on offsec.tools
csprecon

Discover new target domains using Content Security Policy.

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

takeover on offsec.tools
takeover

A tool for testing subdomain takeover possibilities at a mass scale.

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

HostileSubBruteforcer on offsec.tools
HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

tko-subs on offsec.tools
tko-subs

A tool that can help detect and takeover subdomains with dead DNS records.

subHijack on offsec.tools
subHijack

Hijacking forgotten & misconfigured subdomains.

cnames on offsec.tools
cnames

Take a list of resolved subdomains and output any corresponding CNAMES en masse.

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

NSBrute on offsec.tools
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

autoSubTakeover on offsec.tools
autoSubTakeover

A tool used to check if a CNAME resolves to the scope address.

SubOver on offsec.tools
SubOver

A Powerful Subdomain Takeover Tool.

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

s3cario on offsec.tools
s3cario

Performs buckets checks from a given list of subdomains.

MSDNSScan on offsec.tools
MSDNSScan

Identify DNS records, check for zone transfers and conduct subdomain enumeration.

sub-domain enumeration techniques on offsec.tools
sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

WitnessMe on offsec.tools
WitnessMe

Web Inventory tool, takes screenshots and provides some extra bells&whistles to make life easier.

Sub3 Suite on offsec.tools
Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

Scilla on offsec.tools
Scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.

crtndtry on offsec.tools
crtndtry

Yet another subdomain finder.

brutesubs on offsec.tools
brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

Substr3am on offsec.tools
Substr3am

Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.

As3nt on offsec.tools
As3nt

Another Subdomain ENumeration Tool.

TugaRecon on offsec.tools
TugaRecon

Subdomains enumeration tool for penetration testers.

Censys Enumeration on offsec.tools
Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

Turbolist3r on offsec.tools
Turbolist3r

Subdomain enumeration tool with analysis features for discovered domains.

Censys subdomain finder on offsec.tools
Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

domained on offsec.tools
domained

Multi Tool Subdomain Enumeration.

DNSRecon on offsec.tools
DNSRecon

DNS Enumeration Script.

dnsenum on offsec.tools
dnsenum

Enumerates DNS information of a domain and to discover non-contiguous ip blocks.

cero on offsec.tools
cero

Scrape domain names from SSL certificates of arbitrary hosts.

mx-takeover on offsec.tools
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

DNSTake on offsec.tools
DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

Rengine on offsec.tools
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

GET-ACQ on offsec.tools
GET-ACQ

Gather all companies acquired by a given company domain name.

mksub on offsec.tools
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds.

Th3inspector on offsec.tools
Th3inspector

All in one tool for Information Gathering.

theHarvester on offsec.tools
theHarvester

E-mails, subdomains and names Harvester.

puredns on offsec.tools
puredns

Puredns is a fast domain resolver & subdomain bruteforcing tool.

github-subdomains on offsec.tools
github-subdomains

Find subdomains on GitHub.

gotator on offsec.tools
gotator

Generates DNS wordlists through permutations.

SpiderFoot on offsec.tools
SpiderFoot

Automates OSINT for threat intelligence and mapping your attack surface.

favicon-hashtrick on offsec.tools
favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

cloudflare-origin-ip on offsec.tools
cloudflare-origin-ip

Try to find the origin IP of a webapp protected by Cloudflare.

Altdns on offsec.tools
Altdns

Generates permutations, alterations and mutations of subdomains and then resolves them.

Sublert on offsec.tools
Sublert

Monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

dnscan on offsec.tools
dnscan

Python wordlist-based DNS subdomain scanner.

dnsgen on offsec.tools
dnsgen

Generates combination of domain names from the provided input.

Virtual host scanner on offsec.tools
Virtual host scanner

A script to enumerate virtual hosts on a server.

Findomain on offsec.tools
Findomain

The complete solution for domain recognition.

subzuf on offsec.tools
subzuf

A smart DNS response-guided subdomain fuzzer.

GRecon on offsec.tools
GRecon

Run a Google based passive recon against your scope.

hakrevdns on offsec.tools
hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

dsieve on offsec.tools
dsieve

Filter and enrich a list of subdomains by level.

regulator on offsec.tools
regulator

Automated learning of regexes for DNS discovery.

gitlab-subdomains on offsec.tools
gitlab-subdomains

Find subdomains on GitLab.

SubBrute on offsec.tools
SubBrute

A DNS meta-query spider that enumerates DNS records, and subdomains.

Knockpy on offsec.tools
Knockpy

Knock Subdomain Scan.

assetfinder on offsec.tools
assetfinder

Find domains and subdomains related to a given domain.

Sublist3r on offsec.tools
Sublist3r

Fast subdomains enumeration tool for penetration testers.

Amass on offsec.tools
Amass

In-depth Attack Surface Mapping and Asset Discovery.