{"id":13492258,"url":"https://github.com/elceef/subzuf","last_synced_at":"2025-05-07T07:21:46.118Z","repository":{"id":65419382,"uuid":"566897388","full_name":"elceef/subzuf","owner":"elceef","description":"a smart DNS response-guided subdomain fuzzer","archived":false,"fork":false,"pushed_at":"2023-01-03T20:06:52.000Z","size":140,"stargazers_count":151,"open_issues_count":0,"forks_count":14,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-03-31T07:34:23.771Z","etag":null,"topics":["dns","fuzzing","subdomain-enumeration"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elceef.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-11-16T16:39:54.000Z","updated_at":"2025-03-30T15:11:11.000Z","dependencies_parsed_at":"2023-02-01T09:31:54.250Z","dependency_job_id":null,"html_url":"https://github.com/elceef/subzuf","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elceef%2Fsubzuf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elceef%2Fsubzuf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elceef%2Fsubzuf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elceef%2Fsubzuf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elceef","download_url":"https://codeload.github.com/elceef/subzuf/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252831462,"owners_count":21810808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","fuzzing","subdomain-enumeration"],"created_at":"2024-07-31T19:01:04.490Z","updated_at":"2025-05-07T07:21:46.098Z","avatar_url":"https://github.com/elceef.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"subzuf\n======\n\n*subzuf* is a smart subdomain fuzzer coupled with an immensly simple but \neffective DNS reponse-guided algorithm. It utilizes a provided set of input \ndata, like a tailored wordlist or historical DNS/TLS records, to accurately \nsynthesize more corresponding domain names and expand them even further in a \nloop based on information gathered during DNS scan. This somewhat different \napproach to subdomain enumeration in most cases allows to discover more \nsubdomains with significantly reduced time and resources.\n\n![Demo](/misc/demo.gif)\n\nIn short, *subzuf* can be summarized by the following:\n\n- Generates carefully selected candidates and uncover completely new subdomains \nduring DNS enumeration scans\n- Efficient multi-threaded DNS client capable of resolving thousands of domains \nper second\n- Wildcard detection in two modes: filter (default, slightly slower but \naccurate) and reject (resource-saving)\n- Accepts wordlist or domain names or a mix of both as input\n- Requires essentially no configuration or fine-tuning\n- Works right of out the box - no external dependencies or bizzare requirements\n- Easily chainable with other tools\n\n\nInstallation\n------------\n\n```\n$ git clone https://github.com/elceef/subzuf.git\n$ cd subzuf\n$ pip install .\n$ subzuf --help\n```\n\n*subzuf* itself is just a single file which has no external dependencies - you \ncan move it anywhere you need.\n\n\nQuick examples\n--------------\n\nUsing the attached scripts, collect publicly available data related to the \ntarget domain and provide it as input:\n\n```\n$ ./scripts/_subfind.sh example.com | subzuf example.com\n```\n\nProvide a text file as input, save JSON output to a file, and display results \nin CSV format:\n\n```\n$ cat wordlist.txt | subzuf example.com | tee out.zuf | ./scripts/json2csv.sh\n```\n\n\nUsage tips\n----------\n\n- The most efficient enumeration happens not with enormous or random input but \nwith a mix of targeted test cases generated from OSINT and tailored wordlist.\n- Input data is validated and everything that can't be quickly \"fixed\" on the \nfly will be silently skipped.\n- By default the number of threads is auto-selected based on available CPU \ncores, which is a safe and in many cases sufficient value. Although it often \npays off to increase this number, keep in mind that at some point speed does \nnot increase linearly with the number of threads.\n- Keep an eye at the error ratio in the status line. It should be reasonably \nlow, say less than 1%. The most common errors are socket timeouts due to: \ncongested and poor quality network links, slow DNS resolvers, rate-limiting, \noverloaded authoritative nameservers.\n- Cloudflare and Google public DNS resolvers are used by default and \nconsidered reliable. Feel free to supply your own list of DNS resolvers. \nAlthough resolvers undergo basic validation test, please ensure that they can \nhandle higher loads. Poor quality DNS resolvers will cause excessive timeout \nerrors or refused/servfail status responses.\n- Colourful CLI output is auto-selected when an interactive terminal is \ndetected. Otherwise JSON is used by default. Output format can be always \nenforced with the optional command line argument.\n\n\nKnown limitations and common-sense risks\n----------------------------------------\n\n- Active DNS enumeration involves many thousands of queries in a relatively \nshort period of time. Keep in mind that such a volume of DNS messages might not \ngo unnoticed at the target.\n- Virtual machines with NAT network adapters are generally not suitable for \nhandling hundreds of DNS packets per second and will likely cause timeout \nerrors.\n- Built-in DNS client has a bare-minimum implementation required for the task \nand does not support DoH - use a proxy solution if really necessary.\n\n\nContact\n-------\n\nQuestions? Don't hesitate to contact the author. Any feedback is appreciated.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felceef%2Fsubzuf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felceef%2Fsubzuf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felceef%2Fsubzuf/lists"}