{"id":13841924,"url":"https://github.com/RASSec/Subdomain-Enumaration","last_synced_at":"2025-07-11T13:33:09.058Z","repository":{"id":114401722,"uuid":"301459096","full_name":"RASSec/Subdomain-Enumaration","owner":"RASSec","description":null,"archived":false,"fork":false,"pushed_at":"2020-10-05T15:46:08.000Z","size":9,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-08-05T17:29:44.373Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RASSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-10-05T15:42:46.000Z","updated_at":"2024-01-13T15:42:35.000Z","dependencies_parsed_at":"2024-01-23T12:58:22.636Z","dependency_job_id":"6c802eec-e92c-4e01-8247-29442bcad513","html_url":"https://github.com/RASSec/Subdomain-Enumaration","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RASSec%2FSubdomain-Enumaration","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RASSec%2FSubdomain-Enumaration/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RASSec%2FSubdomain-Enumaration/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RASSec%2FSubdomain-Enumaration/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RASSec","download_url":"https://codeload.github.com/RASSec/Subdomain-Enumaration/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729754,"owners_count":17515159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:01:24.216Z","updated_at":"2024-11-21T12:30:38.128Z","avatar_url":"https://github.com/RASSec.png","language":null,"funding_links":[],"categories":["Others (1002)","Others"],"sub_categories":[],"readme":"# Subdomain-Enumaration\n\nThese are Subdomain Enumaration Tools that I use, **Thanks to all the Authors for making things easy** and make sure to comment down which tools you use for Subdomain Enumaration and your methodologies\n\n\n- **Using Findomain**\n\n [Findomain/Findomain](https://github.com/Findomain/Findomain)\n\n $ findomain -t target.com -o\n\n---\n\n- **Using jhaddix All.txt**\n\n $ ffuf -w JHADDIX-ALL/all.txt -u \"https://FUZZ.target.com/\" -v | grep \"| URL |\" | awk '{print $4}'\n\n---\n\n- **Search Subdomain using Gospider**\n\n [KingOfBugbounty/KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips)\n\n $ gospider -d 0 -s \"https://target.com\" -c 5 -t 100 -d 5 --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt | grep -Eo '(http|https)://[^/\"]+' | anew\n\n---\n\n- **Using Subfinder**\n\n [projectdiscovery/subfinder](https://github.com/projectdiscovery/subfinder)\n\n $ subfinder -d target.com -o target.com_subfinder.txt\n\n---\n\n- **Search subdomains using jldc**\n\n [KingOfBugbounty/KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips)\n\n $ curl -s \"https://jldc.me/anubis/subdomains/target.com\" | grep -Po \"((http|https):\\/\\/)?(([\\w.-]*)\\.([\\w]*)\\.([A-z]))\\w+\" | anew\n\n---\n\n- **Subdomain search Bufferover resolving domain to httpx**\n\n [KingOfBugbounty/KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips)\n\n $ curl -s https://dns.bufferover.run/dns?q=.target.com |jq -r .FDNS_A[] | sed -s 's/,/\\n/g' | httpx -silent | anew\n\n---\n\n- **Using AssetFinder**\n\n [tomnomnom/assetfinder](https://github.com/tomnomnom/assetfinder)\n\n $ assetfinder --subs-only target.com \u003e\u003e target.com.txt\n\n---\n\n- **Using Knockpy**\n\n [guelfoweb/knock](https://github.com/guelfoweb/knock)\n\n $ knockpy.py target.com\n\n---\n\n- **Using Amass**\n\n [OWASP/Amass](https://github.com/OWASP/Amass)\n\n $ amass enum -d target.com -o target.com_amass.txt\n\n---\n\n- **Using Subbrute**\n\n [TheRook/subbrute](https://github.com/TheRook/subbrute)\n\n $ subbrute.py target.com -o target.com_Subbrute.txt\n\n---\n\n- **Using Sublist3r**\n\n [aboul3la/Sublist3r](https://github.com/aboul3la/Sublist3r)\n\n $ sublist3r.py -d target.com -o target.com_Sublist3r.txt\n\n---\n\n- **Using Sudomy**\n\n [Screetsec/Sudomy](https://github.com/Screetsec/Sudomy)\n\n $ sudomy -d target.com\n\n---\n\n- **Filter the Valid Subdomains Found**\n\n $ while read i; do digout=$(dig +short ${i//[$'\\t\\r\\n ']}); if [[ ! -z $digout ]]; then echo ${i//[$'\\t\\r\\n ']}; fi; done \u003c target.com.txt \u003e target.com_valid.txt\n\n---\n\n- **Python Script To Run All Tools In One Go By Me**\n\n $ python sub3num.py target.com \n\n ```python\n #!/usr/bin/python\n from subprocess import Popen, PIPE\n import sys\n\n domain = sys.argv[1]\n commands = ['findomain -t '+domain+' -o;subfinder -d '+domain+' -o '+domain+'_subfinder.txt ;assetfinder --subs-only '+domain+' \u003e\u003e '+domain+'_assetfinder.txt;amass enum -d '+domain+' -o '+domain+'_amass.txt ;python ~/Bug-Tools/subbrute/subbrute.py '+domain+' -o '+domain+'_subbrute.txt ;python ~/Bug-Tools/Sublist3r/sublist3r.py -d '+domain+' -o '+domain+'_sublist3r.txt ;cat *.txt | sort -u \u003e\u003e '+domain+'_final_domains.txt ;cat '+domain+'_final_domains.txt | httprobe | httpx | sort -u \u003e\u003e valid_subs.txt;']\n count = 0\n processes = []\n for com in commands:\n print \"Start execute commands..\"\n processes.append(Popen(com, shell=True))\n count += 1\n print \"[OK] command \"+str(count)+\" running successfully.\"\n else:\n print \"Finish..\"\n\n for i, process in enumerate(processes):\n process.wait()\n print \"Command #{} finished\".format(i)\n ```\n\n---\n\nšŸ’¬ **Contact Me Here:**\n\n[](https://twitter.com/AbhishekKarle3)\n\n---\n\nšŸ’¬ **Comment down which tools you use for Subdomain Enumaration and your methodologies Here** šŸ‘‡\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRASSec%2FSubdomain-Enumaration","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRASSec%2FSubdomain-Enumaration","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRASSec%2FSubdomain-Enumaration/lists"}