{"id":13454375,"url":"https://github.com/nsonaniya2010/SubDomainizer","last_synced_at":"2025-03-24T05:33:41.640Z","repository":{"id":41298940,"uuid":"158257351","full_name":"nsonaniya2010/SubDomainizer","owner":"nsonaniya2010","description":"A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.","archived":false,"fork":false,"pushed_at":"2024-05-20T21:56:50.000Z","size":100,"stargazers_count":1782,"open_issues_count":3,"forks_count":234,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-03-17T08:48:46.635Z","etag":null,"topics":["bug-bounty","bugbounty","cloud-storage-services","external-javascripts","find-secrets","find-subdomains","madeinindia","python3","s3-bucket","s3-buckets","secretfinder","secrets","security","security-automation","security-tools","subdomain-enumeration","subdomain-scanner"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nsonaniya2010.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-19T16:32:46.000Z","updated_at":"2025-03-17T01:30:27.000Z","dependencies_parsed_at":"2024-10-28T21:46:10.791Z","dependency_job_id":null,"html_url":"https://github.com/nsonaniya2010/SubDomainizer","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nsonaniya2010%2FSubDomainizer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nsonaniya2010%2FSubDomainizer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nsonaniya2010%2FSubDomainizer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nsonaniya2010%2FSubDomainizer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nsonaniya2010","download_url":"https://codeload.github.com/nsonaniya2010/SubDomainizer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245217428,"owners_count":20579291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bug-bounty","bugbounty","cloud-storage-services","external-javascripts","find-secrets","find-subdomains","madeinindia","python3","s3-bucket","s3-buckets","secretfinder","secrets","security","security-automation","security-tools","subdomain-enumeration","subdomain-scanner"],"created_at":"2024-07-31T08:00:53.530Z","updated_at":"2025-03-24T05:33:41.303Z","avatar_url":"https://github.com/nsonaniya2010.png","language":"Python","funding_links":["https://www.buymeacoffee.com/neerajson","https://paypal.me/BugsByNeeraj"],"categories":["Subdomain-enum","Python","By Industry","Python (1887)"],"sub_categories":["Security"],"readme":"[![Python 3.x](https://img.shields.io/badge/python-%3E3.5-yellow.svg)](https://www.python.org/) \n[![Twitter](https://img.shields.io/badge/twitter-@neeraj_sonaniya-blue.svg)](https://twitter.com/neeraj_sonaniya)\n\n## Buy Me A [Coffee](https://www.buymeacoffee.com/neerajson)\n\n## SubDomainizer\n\nSubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL.\nThis tool also finds S3 buckets, cloudfront URL's and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and similar case for cloudfront.\nIt also scans inside given folder which contains your files.\n\n## Cloud Storage Services Supported:\nSubDomainizer can find URL's for following cloud storage services:\n```\n1. Amazon AWS services (cloudfront and S3 buckets)\n2. Digitalocean spaces \n3. Microsoft Azure \n4. Google Cloud Services \n5. Dreamhost \n6. RackCDN. \n```\n## Secret Key's Searching: (beta)\nSubDomainizer will also find secrets present in content of the page and javascripts files.\nThose secret finding depends on some specific keywords and *Shannon Entropy* formula.\nIt might be possible that some secrets which searched by tool will be false positive.\nThis secret key searching is in beta and later version might have increased accuracy for search results.\n\n## Screenshots:\n\n![SubDomainizer](https://i.imgur.com/x3XSamk.png)\n\n![Sub2.0](https://i.imgur.com/TvVKabs.png)\n\n## Installation Steps\n\n1. Clone SubDomainzer from git:\n```\ngit clone https://github.com/nsonaniya2010/SubDomainizer.git\n```\n2. Change the directory:\n```\ncd SubDomainizer\n```\n\n3. Install the requirements:\n\n```\npip3 install -r requirements.txt\n```\n4. Enjoy the Tool.\n\n## Update to latest version:\n\nUse following command to update to latest version:\n\n```\ngit pull\n```\n\n## Usage\n\nShort Form    | Long Form     | Description\n------------- | ------------- |-------------\n-u            | --url         | URL in which you want to find (sub)domains.\n-l            | --listfile    | File which contain list of URL's needs to be scanned.\n-o            | --output      | Output file name in which you need to save the results.\n-c            | --cookie      | Cookies which needs to be sent with request.\n-h            | --help        | show the help message and exit.\n-cop          | --cloudop     | Give file name in which you need to store cloud services results.\n-d            | --domains     | Give TLD (eg. for www.example.com you have to give example.com) to find subdomain for given TLD seperated by comma (no spaces b/w comma).\n-g            | --gitscan     | Needed if you want to get things via Github too.\n-gt           | --gittoken    | Github API token is needed, if want to scan (also needed -g also).\n-gop\t      | --gitsecretop | Saving secrets to a file found in github.\n-k            | --nossl       | Use this to bypass the verification of SSL certificate.\n-f            | --folder      | Root folder which contains files/folder.\n-san          | --subject_alt_name    |  Find Subject Alternative Names for all found subdomains, Options: 'all', 'same'.\n\n## SAN options description:\n* all - This option will find all domains and subdomains.\n* same - This will only find subdomains for specific subdomains.\n\n## Examples\n\n* To list help about the tool:\n```\npython3 SubDomainizer.py -h\n```\n* To find subdomains, s3 buckets, and cloudfront URL's for given single URL:\n```\npython3 SubDomainizer.py -u http://www.example.com\n```\n* To find subdomains from given list of URL (file given):\n```\npython3 SubDomainizer.py -l list.txt\n```\n\n* To save the results in (output.txt) file:\n```\npython3 SubDomainizer.py -u https://www.example.com -o output.txt\n```\n* To give cookies:\n```\npython3 SubDomainizer.py -u https://www.example.com -c \"test=1; test=2\"\n```\n* To scan via github:\n```\npython3 SubDomainizer.py -u https://www.example.com -o output.txt -gt \u003cgithub_token\u003e -g \n```\n* No SSL Certificate Verification:\n```\npython3 SubDomainizer.py -u https://www.example.com -o output.txt -gt \u003cgithub_token\u003e -g  -k\n```\n* Folder Scanning:\n```\npython3 SubDomainizer.py -f /path/to/root/folder/having/files/and/folders/  -d example.com  -gt \u003cgithub_token\u003e -g  -k\n```\n* Subject Alternative Names:\n```\npython3 SubDomainizer.py -u https://www.example -san all\n```\n* Saving secrets to a file scan found in github:\n```\npython3 SubDomainizer.py -u https://www.example.com -o output.txt -gt \u003cgithub_token\u003e -g -gop filename_to_save\n```\n\n\n## Difference in results (with cookies and without cookies on facebook.com):\n\nResults before using facebook cookies in SubDomainizer:\n\n![BeforeCookies](https://i.imgur.com/v7igAId.png)\n\nResults after using facebook cookies in SubDomainizer:\n\n![AfterCookies](https://i.imgur.com/QKY09mx.png)\n\n\n## Changes:\nIn the latest version (2.0) following important features are added:\n1. Find Subject Alternative Names for the found subdomains.\n2. Added where the secrets were found.\n\n## License\nThis tools is licensed under the MIT license. take a look at the [LICENSE](https://github.com/nsonaniya2010/SubDomainizer/blob/master/LICENSE) for information about it.\n\n## Want to Help?\nWant to help if you like features and tools? or Liked this tool?\n[Help Here](https://paypal.me/BugsByNeeraj)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnsonaniya2010%2FSubDomainizer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnsonaniya2010%2FSubDomainizer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnsonaniya2010%2FSubDomainizer/lists"}