subfinder
by projectdiscovery
subfinder is a fast and lightweight passive subdomain enumeration tool designed for efficient discovery of valid subdomains using curated online sources.
Fast passive subdomain enumeration tool.
Primary Use Case
This tool is primarily used by penetration testers, bug bounty hunters, and red teamers to quickly gather subdomain information about target domains without active probing, ensuring stealth and speed. It helps in reconnaissance phases to identify attack surfaces by passively collecting subdomains from multiple sources.
- Fast and powerful resolution and wildcard elimination modules
- Curated passive sources to maximize results
- Multiple output formats supported including JSON and file outputs
- Optimized for speed and lightweight on resources
- Supports STDIN/STDOUT for easy integration into automated workflows
- Modular architecture focused solely on passive subdomain enumeration
- Ability to include or exclude specific data sources
- Rate limiting and concurrency controls for request management
Installation
- Download the latest release from the GitHub releases page
- Alternatively, build from source using Go environment
- Run `subfinder -h` to verify installation and view help
Usage
`subfinder -h`: Displays help information and all available flags for the tool
`subfinder -d example.com`: Enumerates subdomains for the specified domain 'example.com'
`subfinder -dL domains.txt`: Reads a list of domains from 'domains.txt' and enumerates subdomains for each
`subfinder -s crtsh,github`: Uses only specified sources (crtsh and github) for subdomain discovery
`subfinder -all`: Uses all available sources for enumeration (slower but more comprehensive)
`subfinder -rl 10`: Limits the number of HTTP requests to 10 per second
`subfinder -o output.txt`: Writes the enumeration results to 'output.txt'
`subfinder -oJ`: Outputs results in JSON Lines format
`subfinder -update`: Updates subfinder to the latest version
- Integrate subfinder into automated red team reconnaissance pipelines to speed up attack surface mapping.
- Use subfinder's JSON output to feed into vulnerability scanners for continuous monitoring.
- Combine with active scanning tools for comprehensive domain enumeration.
- Leverage rate limiting and concurrency controls to avoid detection during stealth operations.
- Incorporate subfinder into purple team exercises to improve collaboration between offense and defense during reconnaissance phases.
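For the continuous-monitoring use listed above, the following added example (not code from this page or from the subfinder project) compares JSON Lines results against an asset inventory and reports hosts that passive sources know about but the inventory does not. The sample output, the inventory, and the `host`/`input`/`source` field names are assumptions.

```python
import json

# Constructed sample of `subfinder -d example.com -oJ` output (JSON Lines).
# The host/input/source field names are an assumption about that output.
SAMPLE_JSONL = """\
{"host":"www.example.com","input":"example.com","source":"crtsh"}
{"host":"WWW.example.com.","input":"example.com","source":"github"}
{"host":"staging.example.com","input":"example.com","source":"crtsh"}
{"host":"*.dev.example.com","input":"example.com","source":"crtsh"}
{"host":"mail.example.org","input":"example.com","source":"crtsh"}
not-json garbage line
"""
# Constructed asset inventory: hosts the organisation already tracks.
KNOWN_ASSETS = {"www.example.com", "dev.example.com"}

def normalize(host):
    """Lowercase, drop a trailing dot and a leading wildcard label."""
    host = host.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host

def load_findings(jsonl_text):
    """Return ({host: set(sources)}, count of skipped lines)."""
    findings, skipped = {}, 0
    for line in filter(str.strip, jsonl_text.splitlines()):
        try:
            rec = json.loads(line)
            host, root = normalize(rec["host"]), normalize(rec["input"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1  # malformed or unexpected record
            continue
        if host != root and not host.endswith("." + root):
            skipped += 1  # outside the enumerated domain
            continue
        findings.setdefault(host, set()).add(str(rec.get("source", "unknown")))
    return findings, skipped

def untracked(findings, known):
    """Hosts seen by passive sources but absent from the inventory."""
    known = {normalize(h) for h in known}
    return {h: sorted(s) for h, s in findings.items() if h not in known}

if __name__ == "__main__":
    found, skipped = load_findings(SAMPLE_JSONL)
    for host, sources in sorted(untracked(found, KNOWN_ASSETS).items()):
        print(f"untracked: {host} (sources: {', '.join(sources)})")
    print(f"skipped lines: {skipped}")
```
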
