A vast collection of security tools for bug bounty, pentest and red teaming

#subdomains

117 results
Chaos on offsec.tools
Sponsor
Chaos

Collect and maintain internet-wide assets data for public Bug Bounty programs.

#bugbounty   #dns   #subdomains  

tlsx on offsec.tools
Sponsor
tlsx

Fast and configurable TLS grabber focused on TLS based data collection.

#dns   #ips   #ports   #probing   #subdomains   #tls  

dnsX on offsec.tools
Sponsor
dnsX

Fast and multi-purpose DNS toolkit designed for running DNS queries.

#dns   #subdomains  

uncover on offsec.tools
Sponsor
uncover

Quickly discover exposed hosts on the internet using multiple search engines.

#subdomains  

shuffleDNS on offsec.tools
Sponsor
shuffleDNS

Enumerate valid subdomains using active bruteforce and DNS resolution.

#dns   #subdomains  

DNSProbe on offsec.tools
Sponsor
DNSProbe

Allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

#dns   #subdomains  

Subfinder on offsec.tools
Sponsor
Subfinder

Discovery tool that discovers valid subdomains for websites.

#subdomains  

CertCrunchy on offsec.tools
Featured
CertCrunchy

Uses data from SSL Certificates to find potential host names.

#censys   #certificates   #certspotter   #crtsh   #ips   #ssl   #subdomains  

crtndtry on offsec.tools
Featured
crtndtry

Yet another subdomain finder.

#subdomains  

sub404 on offsec.tools
sub404

A fast tool to check subdomain takeover vulnerability.

#subdomains   #subto  

SDBF on offsec.tools
SDBF

Smart DNS Brute Forcer.

#domains   #subdomains  

SQLMutant on offsec.tools
SQLMutant

Searches for automated subdomain enumeration and runs SQLi tests.

#sqli   #subdomains  

moniorg on offsec.tools
moniorg

Leverage crt.sh website to monitor domains of a target.

#monitoring   #subdomains  

hunter.how on offsec.tools
hunter.how

Internet search engines for security researchers.

#cves   #dns   #ips   #network   #online   #ports   #recon   #subdomains  

Striker on offsec.tools
Striker

Offensive information and vulnerability scanner.

#ports   #scanner   #subdomains   #vulnerabilities  

celerystalk on offsec.tools
celerystalk

An asynchronous enumeration & vulnerability scanner.

#automation   #nessus   #scanner   #screenshots   #subdomains  

Rock-ON on offsec.tools
Rock-ON

All in one recon tool that just get a single domain name and do all of the work alone.

#asn   #crawler   #directories   #domains   #ips   #ports   #recon   #subdomains   #subto  

Domain Hunter on offsec.tools
Domain Hunter

Checks expired domains to determine good candidates for phishing and C2 domain names.

#domains   #subdomains  

Vajra on offsec.tools
Vajra

UI-based tool with multiple techniques for attacking and enumerating Azure and AWS environment.

#aws   #azure   #cloud   #passwords   #subdomains  

RED HAWK on offsec.tools
RED HAWK

All in one tool for information gathering, vulnerability scanning and crawling.

#cms   #crawler   #dns   #recon   #scanner   #sqli   #subdomains   #vulnerabilities  

Dome on offsec.tools
Dome

Script that makes active and/or passive scan to obtain subdomains and search for open ports.

#bruteforce   #ports   #recon   #subdomains  

Shodan on offsec.tools
Shodan

Search engine for Internet-connected devices.

#cves   #dns   #ips   #network   #online   #ports   #recon   #subdomains  

Netlas.io on offsec.tools
Netlas.io

Netlas.io is the network atlas of Internet. IP, DNS, Web, IoT devices, and etc.

#cves   #dns   #ips   #network   #online   #ports   #recon   #subdomains  

AORT on offsec.tools
AORT

All in one recon tool for bug bounty.

#dns   #ips   #recon   #scanner   #subdomains  

Sub-Drill on offsec.tools
Sub-Drill

A very (very) FAST and simple subdomain finder based on online & free services.

#subdomains  

Oculus on offsec.tools
Oculus

OSINT tool used to discover environments, directories, and subdomains of a particular domain.

#aws   #azure   #cloud   #directories   #emails   #firebase   #fuzzing   #osint   #subdomains  

LiveTargetsFinder on offsec.tools
LiveTargetsFinder

Generates lists of live hosts and URLs.

#dns   #probing   #subdomains  

IntelSpy on offsec.tools
IntelSpy

Perform automated network reconnaissance scans to gather network intelligence.

#exploits   #ips   #ports   #probing   #recon   #reports   #scanner   #subdomains  

Subra on offsec.tools
Subra

A Web-UI for subdomain enumeration.

#recon   #subdomains  

fprobe on offsec.tools
fprobe

Take a list of domains/subdomains and probe for working http/https server.

#probing   #subdomains  

Async DNS Brute on offsec.tools
Async DNS Brute

DNS asynchronous brute force utility.

#bruteforce   #dns   #subdomains  

MagicRecon on offsec.tools
MagicRecon

A powerful shell script to maximize the recon and data collection process.

#allinone   #cloud   #emails   #recon   #screenshots   #subdomains   #vulnerabilities  

haktldextract on offsec.tools
haktldextract

Extract domains/subdomains from URLs en masse.

#domains   #endpoints   #subdomains   #tld   #utils  

gwdomains on offsec.tools
gwdomains

Sub domain wild card filtering tool.

#domains   #recon   #subdomains   #wildcard  

vhosts-sieve on offsec.tools
vhosts-sieve

Searching for virtual hosts among non-resolvable domains.

#recon   #subdomains   #vhosts  

SonarSearch on offsec.tools
SonarSearch

A rapid API for the project Sonar dataset.

#dns   #domains   #ips   #subdomains  

SecurityTrails on offsec.tools
SecurityTrails

Data for Security companies, researchers and teams.

#dns   #domains   #ips   #online   #subdomains   #webarchives  

Certificate Search on offsec.tools
Certificate Search

Get informations about SSL certificates.

#certificates   #online   #ssl   #subdomains  

GoAltdns on offsec.tools
GoAltdns

A permutation generation tool written in golang.

#altdns   #subdomains  

Raccoon on offsec.tools
Raccoon

A high performance offensive security tool for reconnaissance and vulnerability scanning.

#dns   #endpoints   #fingerprint   #firewall   #fuzzing   #ips   #scanner   #ssl   #subdomains  

GSAN on offsec.tools
GSAN

Extract subdomains from SSL certificates in HTTPS sites.

#certificates   #dns   #ssl   #subdomains  

Photon on offsec.tools
Photon

Incredibly fast crawler designed for OSINT.

#crawler   #endpoints   #files   #javascript   #osint   #secrets   #subdomains   #webarchives  

ScreenShooter on offsec.tools
ScreenShooter

Convert your masscan/subdomain-scan results into screenshots for better analysis.

#dns   #ports   #recon   #screenshots   #subdomains  

domain_hunter on offsec.tools
domain_hunter

Try to find all subdomains, similar-domains and related-domains of an organization.

#burpsuite   #domains   #subdomains  

GyoiThon on offsec.tools
GyoiThon

Growing penetration test tool using Machine Learning.

#cloud   #crawler   #dorks   #exploits   #ssl   #subdomains  

Domain Analyzer on offsec.tools
Domain Analyzer

Analyze the security of any domain by finding all the information possible. Made in python.

#crawler   #dns   #endpoints   #ips   #ports   #reports   #subdomains  

CTFR on offsec.tools
CTFR

Abusing Certificate Transparency logs for getting HTTPS websites subdomains.

#certificates   #recon   #ssl   #subdomains  

Scout on offsec.tools
Scout

Discover a web server's undisclosed files, directories and VHOSTs.

#directories   #fuzzing   #subdomains  

AutoRecon on offsec.tools
AutoRecon

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

#fingerprint   #ips   #ports   #services   #subdomains  

AttackSurfaceMapper on offsec.tools
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

#ips   #osint   #passwords   #ports   #screenshots   #subdomains  

SiteBroker on offsec.tools
SiteBroker

Utility for information gathering and penetration testing automation.

#cloudflare   #crawler   #shell   #subdomains  

Certificate Ripper on offsec.tools
Certificate Ripper

A CLI tool to extract server certificates.

#certificates   #recon   #ssl   #subdomains  

Hackingtool on offsec.tools
Hackingtool

ALL IN ONE Hacking Tool For Hackers.

#allinone   #exploits   #framework   #network   #osint   #payloads   #secrets   #sqli   #subdomains   #wifi   #wordlists   #xss  

OneForAll on offsec.tools
OneForAll

A powerful subdomain integration tool.

#altdns   #bruteforce   #subdomains  

csprecon on offsec.tools
csprecon

Discover new target domains using Content Security Policy.

#csp   #subdomains  

BlackWidow on offsec.tools
BlackWidow

Web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.

#emails   #endpoints   #forms   #fuzzing   #osint   #owasp   #parameters   #phones   #subdomains  

takeover on offsec.tools
takeover

A tool for testing subdomain takeover possibilities at a mass scale.

#subdomains   #subto   #vulnerabilities  

Second Order on offsec.tools
Second Order

Second-order subdomain takeover scanner.

#scanner   #subdomains   #subto   #vulnerabilities  

HostileSubBruteforcer on offsec.tools
HostileSubBruteforcer

Bruteforce existing subdomains and provide informations about them.

#bruteforce   #subdomains   #subto   #vulnerabilities  

tko-subs on offsec.tools
tko-subs

A tool that can help detect and takeover subdomains with dead DNS records.

#dns   #subdomains   #subto   #vulnerabilities  

subHijack on offsec.tools
subHijack

Hijacking forgotten & misconfigured subdomains.

#subdomains   #subto   #vulnerabilities  

cnames on offsec.tools
cnames

Take a list of resolved subdomains and output any corresponding CNAMES en masse.

#dns   #subdomains  

Can I take over XYZ? on offsec.tools
Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.

#resources   #subdomains   #subto   #vulnerabilities  

NSBrute on offsec.tools
NSBrute

Python utility to takeover domains vulnerable to AWS NS Takeover.

#aws   #cloud   #subdomains   #subto  

autoSubTakeover on offsec.tools
autoSubTakeover

A tool used to check if a CNAME resolves to the scope address.

#dns   #subdomains   #subto  

SubOver on offsec.tools
SubOver

A Powerful Subdomain Takeover Tool.

#subdomains   #subto   #vulnerabilities  

s3cario on offsec.tools
s3cario

Performs buckets checks from a given list of subdomains.

#aws   #bucket   #cloud   #subdomains  

Burp-AnonymousCloud on offsec.tools
Burp-AnonymousCloud

Performs passive scan to identify buckets and test them for publicly accessible vulnerabilities.

#aws   #azure   #buckets   #burpsuite   #cloud   #google   #subdomains   #subto  

MSDNSScan on offsec.tools
MSDNSScan

Identify DNS records, check for zone transfers and conduct subdomain enumeration.

#dns   #subdomains  

sub-domain enumeration techniques on offsec.tools
sub-domain enumeration techniques

Esoteric sub-domain enumeration techniques - Bugcrowd LevelUp

#bugcrowd   #resources   #subdomains   #wordlists  

WitnessMe on offsec.tools
WitnessMe

Web Inventory tool, takes screenshots and provides some extra bells&whistles to make life easier.

#ips   #screenshots   #subdomains  

Sub3 Suite on offsec.tools
Sub3 Suite

A free, open source, cross platform Intelligence gathering tool.

#dns   #endpoints   #ips   #osint   #ports   #ssl   #subdomains  

Scilla on offsec.tools
Scilla

Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration.

#directories   #dns   #ports   #subdomains  

brutesubs on offsec.tools
brutesubs

Automation framework for running multiple open sourced subdomain bruteforcing tools in parallel.

#framework   #subdomains  

Substr3am on offsec.tools
Substr3am

Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates.

#certificates   #ssl   #subdomains  

As3nt on offsec.tools
As3nt

Another Subdomain ENumeration Tool.

#cves   #shodan   #subdomains  

TugaRecon on offsec.tools
TugaRecon

Subdomains enumeration tool for penetration testers.

#subdomains  

Censys Enumeration on offsec.tools
Censys Enumeration

Extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys.

#censys   #certificates   #emails   #subdomains  

Turbolist3r on offsec.tools
Turbolist3r

Subdomain enumeration tool with analysis features for discovered domains.

#subdomains  

Censys subdomain finder on offsec.tools
Censys subdomain finder

Perform subdomain enumeration using the certificate transparency logs from Censys.

#censys   #certificates   #subdomains  

domained on offsec.tools
domained

Multi Tool Subdomain Enumeration.

#screenshots   #subdomains  

dnsenum on offsec.tools
dnsenum

Enumerates DNS information of a domain and to discover non-contiguous ip blocks.

#dns   #domains   #ips   #subdomains  

DNSRecon on offsec.tools
DNSRecon

DNS Enumeration Script.

#dns   #subdomains  

mx-takeover on offsec.tools
mx-takeover

Focuses DNS MX records and detects misconfigured MX records.

#emails   #subdomains   #subto   #vulnerabilities  

cero on offsec.tools
cero

Scrape domain names from SSL certificates of arbitrary hosts.

#ssl   #subdomains  

DataExtractor on offsec.tools
DataExtractor

A Burp Suite extension to extract data from source code while browsing.

#burpsuite   #endpoints   #regexp   #secrets   #subdomains  

dnsReaper on offsec.tools
dnsReaper

Subdomain takeover tool for attackers, bug bounty hunters and the blue team!

#aws   #azure   #cloud   #cloudflare   #digitalocean   #dns   #subdomains   #subto  

Sudomy on offsec.tools
Sudomy

Collects subdomains and analyzes domains performing automated reconnaissance.

#endpoints   #ips   #ports   #scanner   #screenshots   #subdomains   #subto  

DNSTake on offsec.tools
DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

#dns   #subdomains   #subto  

Rengine on offsec.tools
Rengine

Automated reconnaissance framework for webapps, highly configurable streamlined recon process.

#allinone   #framework   #ips   #osint   #scanner   #screenshots   #subdomains  

GET-ACQ on offsec.tools
GET-ACQ

Gather all companies acquired by a given company domain name.

#subdomains  

mksub on offsec.tools
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds.

#altdns   #subdomains  

theHarvester on offsec.tools
theHarvester

E-mails, subdomains and names Harvester.

#emails   #osint   #subdomains  

Th3inspector on offsec.tools
Th3inspector

All in one tool for Information Gathering.

#cloudflare   #emails   #ips   #osint   #subdomains  

github-subdomains on offsec.tools
github-subdomains

Find subdomains on GitHub.

#github   #subdomains  

puredns on offsec.tools
puredns

Puredns is a fast domain resolver & subdomain bruteforcing tool.

#dns   #subdomains  

gotator on offsec.tools
gotator

Generates DNS wordlists through permutations.

#subdomains  

SpiderFoot on offsec.tools
SpiderFoot

Automates OSINT for threat intelligence and mapping your attack surface.

#asn   #domains   #emails   #ips   #osint   #phones   #subdomains   #usernames  

favicon-hashtrick on offsec.tools
favicon-hashtrick

Python script implementing the favicon hash trick to find subdomains.

#ips   #subdomains  

dnsgen on offsec.tools
dnsgen

Generates combination of domain names from the provided input.

#altdns   #subdomains  

dnscan on offsec.tools
dnscan

Python wordlist-based DNS subdomain scanner.

#subdomains  

Sublert on offsec.tools
Sublert

Monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

#subdomains  

Altdns on offsec.tools
Altdns

Generates permutations, alterations and mutations of subdomains and then resolves them.

#altdns   #subdomains  

Virtual host scanner on offsec.tools
Virtual host scanner

A script to enumerate virtual hosts on a server.

#subdomains  

Findomain on offsec.tools
Findomain

The complete solution for domain recognition.

#ports   #screenshots   #subdomains  

subzuf on offsec.tools
subzuf

A smart DNS response-guided subdomain fuzzer.

#altdns   #subdomains  

related-domains on offsec.tools
related-domains

Find related domains of a given domain.

#subdomains  

gitlab-subdomains on offsec.tools
gitlab-subdomains

Find subdomains on GitLab.

#gitlab   #subdomains  

regulator on offsec.tools
regulator

Automated learning of regexes for DNS discovery.

#altdns   #subdomains  

dsieve on offsec.tools
dsieve

Filter and enrich a list of subdomains by level.

#subdomains  

hakrevdns on offsec.tools
hakrevdns

Small, fast tool for performing reverse DNS lookups en masse.

#dns   #subdomains  

GRecon on offsec.tools
GRecon

Run a Google based passive recon against your scope.

#directories   #google   #subdomains   #wordpress  

assetfinder on offsec.tools
assetfinder

Find domains and subdomains related to a given domain.

#subdomains  

Knockpy on offsec.tools
Knockpy

Knock Subdomain Scan.

#subdomains  

SubBrute on offsec.tools
SubBrute

A DNS meta-query spider that enumerates DNS records, and subdomains.

#dns   #subdomains  

Sublist3r on offsec.tools
Sublist3r

Fast subdomains enumeration tool for penetration testers.

#subdomains  

Amass on offsec.tools
Amass

In-depth Attack Surface Mapping and Asset Discovery.

#asn   #ips   #network   #owasp   #subdomains