{"id":13620608,"url":"https://github.com/screetsec/Sudomy","last_synced_at":"2025-04-14T22:32:02.943Z","repository":{"id":37390679,"uuid":"198997511","full_name":"screetsec/Sudomy","owner":"screetsec","description":"Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting","archived":false,"fork":false,"pushed_at":"2024-06-27T10:07:42.000Z","size":101175,"stargazers_count":2128,"open_issues_count":40,"forks_count":396,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-04-11T14:21:11.769Z","etag":null,"topics":["bash","bugbounty","bugcrowd","collected-subdomains","enumeration","framework","hackerone","httprobe","kali","kali-linux","pentesting","recon-subdomain","reconnaissance","scanner","subdomain-enumeration","subdomain-finder","subdomain-scanner","subfinder","sublist3r"],"latest_commit_sha":null,"homepage":"https://github.com/Screetsec/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/screetsec.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":["https://paypal.me/screetsec"]}},"created_at":"2019-07-26T10:26:34.000Z","updated_at":"2025-04-10T15:55:05.000Z","dependencies_parsed_at":"2024-08-01T09:37:51.915Z","dependency_job_id":null,"html_url":"https://github.com/screetsec/Sudomy","commit_stats":{"total_commits":245,"total_committers":22,"mean_commits":"11.136363636363637","dds":"0.24897959183673468","last_synced_commit":"a34edc4da24f50e65a88bf689749b5eb82a303cb"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screetsec%2FSudomy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screetsec%2FSudomy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screetsec%2FSudomy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/screetsec%2FSudomy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/screetsec","download_url":"https://codeload.github.com/screetsec/Sudomy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248631668,"owners_count":21136554,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","bugbounty","bugcrowd","collected-subdomains","enumeration","framework","hackerone","httprobe","kali","kali-linux","pentesting","recon-subdomain","reconnaissance","scanner","subdomain-enumeration","subdomain-finder","subdomain-scanner","subfinder","sublist3r"],"created_at":"2024-08-01T21:00:57.705Z","updated_at":"2025-04-14T22:32:02.936Z","avatar_url":"https://github.com/screetsec.png","language":"Shell","readme":"# Sudomy\n[![License](https://img.shields.io/badge/license-MIT-red.svg)](https://github.com/Screetsec/Sudomy/blob/master/LICENSE.md)  [![Build Status](https://action-badges.now.sh/screetsec/sudomy)](https://github.com/Screetsec/Sudomy/actions)  [![Version](https://img.shields.io/badge/Release-1.2.1-red.svg?maxAge=259200)]()  [![Build](https://img.shields.io/badge/Supported_OS-Linux-yellow.svg)]()  [![Build](https://img.shields.io/badge/Supported_WSL-Windows-blue.svg)]() [![Contributions Welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/screetsec/sudomy/issues) [![Donate](https://img.shields.io/badge/Donate-PayPal-green.svg)](https://www.paypal.me/screetsec)\n### Subdomain Enumeration \u0026 Analysis\n\u003cimg width=\"935\" alt=\"sudomy\" src=\"https://user-images.githubusercontent.com/17976841/102172910-685b5a80-3ecc-11eb-9bac-3003d786dd33.png\"\u003e\n\n\n\n***Sudomy*** is a subdomain enumeration tool to collect subdomains and analyzing domains performing advanced automated reconnaissance (framework). This tool can also be used for OSINT (Open-source intelligence) activities.\n\n## Features !\n##### For recent time, ***Sudomy*** has these 20 features:\n-  Easy, light, fast and powerful. Bash script (controller) is available by default in almost all Linux distributions. By using bash script multiprocessing feature, all processors will be utilized optimally.\n-  Subdomain enumeration process can be achieved by using **active** method or **passive** method\n    - **Active Method**\n        - *Sudomy* utilize Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contains around 3 million entries\n\n    - **Passive Method**\n        - By evaluating and **selecting** the **good** third-party sites/resources, the enumeration process can be **optimized**. More results will be obtained with less time required. *Sudomy* can collect data from these  well-curated 22 third-party sites:\n\n\t\t\t\thttps://censys.io\n\t\t\t\thttps://developer.shodan.io\n\t\t\t\thttps://dns.bufferover.run\n\t\t\t\thttps://index.commoncrawl.org \n\t\t\t\thttps://riddler.io \n\t\t\t\thttps://api.certspotter.com\n\t\t\t\thttps://api.hackertarget.com \n\t\t\t\thttps://api.threatminer.org\n\t\t\t\thttps://community.riskiq.com\n\t\t\t\thttps://crt.sh\n\t\t\t\thttps://dnsdumpster.com\n\t\t\t\thttps://docs.binaryedge.io\n\t\t\t\thttps://securitytrails.com\n\t\t\t\thttps://graph.facebook.com\n\t\t\t\thttps://otx.alienvault.com\n\t\t\t\thttps://rapiddns.io\n\t\t\t\thttps://spyse.com\n\t\t\t\thttps://urlscan.io\n\t\t\t\thttps://www.dnsdb.info\n\t\t\t\thttps://www.virustotal.com\n\t\t\t\thttps://threatcrowd.org\n\t\t\t\thttps://web.archive.org\n- Test the list of collected subdomains and probe for working http or https servers. This feature uses a third-party tool, [httprobe](https://github.com/tomnomnom/httprobe \"httprobe\").\n- Subdomain availability test based on Ping Sweep and/or by getting HTTP status code.\n- The ability to detect virtualhost (several subdomains which resolve to single IP Address). Sudomy will resolve the collected subdomains to IP addresses, then classify them if several subdomains resolve to single IP address. This feature will be very useful for the next penetration testing/bug bounty process. For instance, in port scanning, single IP address won’t be scanned repeatedly\n- Performed port scanning from collected subdomains/virtualhosts IP Addresses\n- Testing Subdomain TakeOver attack (CNAME Resolver, DNSLookup, Detect NXDomain, Check Vuln)\n- Taking Screenshots of subdomains default using gowitness or you can choice another screenshot tools, like (-ss webscreeenshot)\n- Identify technologies on websites (category,application,version)\n- Detection urls, ports, title, content-length, status-code, response-body probbing.\n- Smart auto fallback from https to http as default.\n- Data Collecting/Scraping open port from 3rd party (Default::Shodan), For right now just using Shodan [Future::Censys,Zoomeye]. More efficient and effective to collecting port from list ip on target [[ Subdomain \u003e IP Resolver \u003e Crawling \u003e ASN \u0026 Open Port ]]\n- Collecting Juicy URL \u0026 Extract URL Parameter ( Resource Default::WebArchive, CommonCrawl, UrlScanIO) \n- Collect interesting path (api|.git|admin|etc), document (doc|pdf), javascript (js|node) and parameter\n- Define path for outputfile (specify an output file when completed) \n- Check an IP is Owned by Cloudflare \n- Generate \u0026 make wordlist based on collecting url resources (wayback,urlscan,commoncrawl. To make that, we Extract All the paramater and path from our domain recon\n- Generate Network Graph Visualization Subdomain \u0026 Virtualhosts\n- Report output in HTML \u0026 CSV format\n- Sending notifications to a slack channel\n\n## How Sudomy Works \nHow sudomy works or recon flow, when you run the best arguments to collect subdomains and analyze by doing automatic recon.\n```\nroot@maland: ./sudomy -d bugcrowd.com -dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe  -aI webanalyze -sS\n```\n### Recon Worfklow\nThis Recon Workflow Sudomy v1.1.8#dev \n\n![Recon Workflow](https://raw.githubusercontent.com/Screetsec/Sudomy/master/doc/Sudomy%20-%20Recon%20Workflow%20v1.1.8%23dev.png)\n\n### Detail information\nDetail information File Reconnaissance \u0026 Juicy Data\n```\n------------------------------------------------------------------------------------------------------\n\n- subdomain.txt             -- Subdomain list             \u003c $DOMAIN (Target)\n- httprobe_subdomain.txt    -- Validate Subdomain\t  \u003c subdomain.txt\n- webanalyzes.txt           -- Identify technology scan   \u003c httprobe_subdomain.txt\n- httpx_status_title.txt    -- title+statuscode+lenght    \u003c httprobe_subdomain.txt\n- dnsprobe_subdomain.txt    -- Subdomain resolv\t\t  \u003c subdomain.txt\n- Subdomain_Resolver.txt    -- Subdomain resolv (alt)     \u003c subdomain.txt\n- cf-ipresolv.txt           -- Cloudflare scan        \t  \u003c ip_resolver.txt \n- Live_hosts_pingsweep.txt  -- Live Host check\t\t  \u003c ip_resolver.txt\t \n- ip_resolver.txt           -- IP resolv list          \t  \u003c Subdomain_Resolver::dnsprobe\n- ip_dbasn.txt\t\t    -- ASN Number Check\t\t  \u003c ip_resolver.txt\n- vHost_subdomain.txt       -- Virtual Host (Group by ip) \u003c Subdomain_Resolver.txt\n- nmap_top_ports.txt        -- Active port scanning       \u003c cf-ipresolv.txt\n- ip_dbport.txt\t\t    -- Passive port scanning\t  \u003c cf-ipresolv.txt\n\n------------------------------------------------------------------------------------------------------\n- Passive_Collect_URL_Full.txt \t\t-- Full All Url Crawl (WebArchive, CommonCrawl, UrlScanIO)\n------------------------------------------------------------------------------------------------------\n\n- ./screenshots/report-0.html   \t-- Screenshoting report    \t\u003c httprobe_subdomain.txt\n- ./screenshots/gowitness/gowitness.sqlite3   \t\t-- Database screenshot    \t\u003c httprobe_subdomain.txt\n\n------------------------------------------------------------------------------------------------------\n\n- ./interest/interesturi-allpath.out\t-- Interest path(/api,/git,etc) \u003c Passive_Collect_URL_Full.txt\n- ./interest/interesturi-doc.out\t-- Interest doc (doc,pdf,xls)   \u003c Passive_Collect_URL_Full.txt\n- ./interest/interesturi-otherfile.out\t-- Other files (.json,.env,etc) \u003c Passive_Collect_URL_Full.txt\n- ./interest/interesturi-js.out\t\t-- All Javascript files(*.js)  \t\u003c Passive_Collect_URL_Full.txt\n- ./interest/interesturi-nodemodule.out\t-- Files from /node_modules/    \u003c Passive_Collect_URL_Full.txt\n- ./interest/interesturi-param-full.out\t-- Full parameter list \t\t\u003c Passive_Collect_URL_Full.txt\n- ./interest/interesturi-paramsuniq.out -- Full Uniq parameter list \t\u003c Passive_Collect_URL_Full.txt\n\n-  Notes : You can validate juicy/interest urls/param using urlprobe or httpx to avoid false positives\n------------------------------------------------------------------------------------------------------\n\n- ./takeover/CNAME-resolv.txt\t\t-- CNAME Resolver \t\t\u003c subdomain.txt\n- ./takeover/TakeOver-Lookup.txt\t-- DNSLookup \t\t\t\u003c CNAME-resolv.txt\n- ./takeover/TakeOver-nxdomain.txt\t-- Other 3d service platform\t\u003c TakeOver-Lookup.txt\n- ./takeover/TakeOver.txt\t\t-- Checking Vulnerabilty\t\u003c CNAME-resolv.txt\n\n------------------------------------------------------------------------------------------------------\n\n- ./wordlist/wordlist-parameter.lst     -- Generate params wordlist     \u003c Passive_Collect_URL_Full.txt\n- ./wordlist/wordlist-pathurl.lst       -- Generate List paths wordlis  \u003c Passive_Collect_URL_Full.txt\n\n-  Notes : This Wordlist based on domain \u0026 subdomain information (path,file,query strings \u0026 parameter)\n------------------------------------------------------------------------------------------------------\n```\n\n## Publication\n- [Sudomy: Information Gathering Tools for Subdomain Enumeration and Analysis](https://iopscience.iop.org/article/10.1088/1757-899X/771/1/012019/meta) -  IOP Conference Series: Materials Science and Engineering, Volume 771, 2nd International Conference on Engineering and Applied Sciences (2nd InCEAS) 16 November 2019, Yogyakarta, Indonesia\n\n## User Guide\n- Offline User Guide : [Sudomy - Subdomain Enumeration and Analysis User Guide v1.0](https://github.com/Screetsec/Sudomy/blob/master/doc/Sudomy%20-%20Subdomain%20Enumeration%20%26%20Analaysis%20User%20Guide%20v1.0.pdf)\n- Online User Guide : [Subdomain Enumeration and Analysis User Guide](https://sudomy.screetsec.web.id/features) - Up to date\n\n## Comparison\nSudomy minimize more resources when use resources (Third-Party Sites) By evaluating and selecting the good third-party sites/resources, so the enumeration process can be optimized. The domain that is used in this comparison is ***tiket.com***.\n\nThe following are the results of passive enumeration DNS testing of *Sublist3r v1.1.0, Subfinder v2.4.5*, and *Sudomy v1.2.0*.\n\n\u003cimg width=\"935\" alt=\"Untitled\" src=\"https://user-images.githubusercontent.com/17976841/102053848-00990700-3e1b-11eb-9f48-9a82a8b3e64e.png\"\u003e\n\nIn here subfinder is still classified as very fast for collecting subdomains by utilizing quite a lot of resources. Especially if the resources used have been optimized (?).\n\nFor compilation results and videos, you can check here: \n\n- [Sudomy](https://www.youtube.com/watch?v=ksZkMpLljcY)\n- [Subfinder](https://youtu.be/Zxf3pwh7uMI)\n- [Sublist3r](https://youtu.be/DexFkrEwtt4)\n\nWhen I have free time. Maybe In the future, sudomy will use golang too. If you want to contributes it's open to pull requests.\n\n### But it's shit! And your implementation sucks!\n- Yes, you're probably correct. Feel free to \"Not use it\" and there is a pull button to \"Make it better\". \n\n## Installation\n*Sudomy* is currently extended with the following tools. Instructions on how to install \u0026 use the application are linked below.\n\n### To Download Sudomy From Github\n```bash\n# Clone this repository\ngit clone --recursive https://github.com/screetsec/Sudomy.git\n```\n\n### Dependencies\n```\n$ python3 -m pip install -r requirements.txt\n```\n*Sudomy* requires [jq](https://stedolan.github.io/jq/download/) and [GNU grep](https://www.gnu.org/software/grep/) to run and parse. Information on how to download and install jq can be accessed [here](https://stedolan.github.io/jq/download/)\n\n```bash\n# Linux\napt-get update\napt-get install jq nmap phantomjs npm chromium parallel\nnpm i -g wappalyzer wscat\n\n# Mac\nbrew cask install phantomjs \nbrew install jq nmap npm parallel grep\nnpm i -g wappalyzer wscat\n\n\n# Note\nAll you would need is an installation of the latest Google Chrome or Chromium \nSet the PATH in rc file for GNU grep changes\n```\n\n## Running in a Docker Container\n```bash\n# Pull an image from DockerHub\ndocker pull screetsec/sudomy:v1.2.1-dev\n\n# Create output directory\nmkdir output\n\n# Run an image, you can run the image on custom directory but you must copy/download config sudomy.api on current directory\ndocker run -v \"${PWD}/output:/usr/lib/sudomy/output\" -v \"${PWD}/sudomy.api:/usr/lib/sudomy/sudomy.api\" -t --rm screetsec/sudomy:v1.1.9-dev [argument]\n\n# or define API variable when executed an image.\n\ndocker run -v \"${PWD}/output:/usr/lib/sudomy/output\" -e \"SHODAN_API=xxxx\" -e \"VIRUSTOTAL=xxxx\" -t --rm screetsec/sudomy:v1.1.9-dev [argument]\n```\n\n### Post Installation\nAPI Key is needed before querying on third-party sites, such as ```Shodan, Censys, SecurityTrails, Virustotal,``` and ```BinaryEdge```.\n- The API key setting can be done in sudomy.api file.\n```bash\n# Shodan\n# URL :  http://developer.shodan.io\n# Example :\n#      - SHODAN_API=\"VGhpc1M0bXBsZWwKVGhmcGxlbAo\"\n\nSHODAN_API=\"\"\n\n# Censys\n# URL : https://search.censys.io/register\n\nCENSYS_API=\"\"\nCENSYS_SECRET=\"\"\n\n# Virustotal\n# URL : https://www.virustotal.com/gui/\nVIRUSTOTAL=\"\"\n\n\n# Binaryedge\n# URL : https://app.binaryedge.io/login\nBINARYEDGE=\"\"\n\n\n# SecurityTrails\n# URL : https://securitytrails.com/\nSECURITY_TRAILS=\"\"\n```\nYOUR_WEBHOOK_URL is needed before using the slack notifications\n- The URL setting can be done in slack.conf file.\n```bash\n# Configuration Slack Alert\n# For configuration/tutorial to get webhook url following to this site\n#     - https://api.slack.com/messaging/webhooks\n# Example: \n#     - YOUR_WEBHOOK_URL=\"https://hooks.slack.com/services/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\"\n\nYOUR_WEBHOOK_URL=\"https://hooks.slack.com/services/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\"\n```\n\n## Usage\n\n```text\n ___         _ _  _           \n/ __|_  _ __| (_)(_)_ __ _  _ \n\\__ \\ || / _  / __ \\  ' \\ || |\n|___/\\_,_\\__,_\\____/_|_|_\\_, |\n                          |__/ v{1.2.1#dev} by @screetsec \nSud⍥my - Fast Subdmain Enumeration and Analyzer      \n         http://github.com/screetsec/sudomy\n\nUsage: sud⍥my.sh [-h [--help]] [-s[--source]][-d[--domain=]] \n\nExample: sud⍥my.sh -d example.com   \n         sud⍥my.sh -s Shodan,VirusTotal -d example.com\n\nBest Argument:\n  sudomy -d domain.com -dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe  -aI webanalyze --slack -sS\n\n\nOptional Arguments:\n  -a,  --all             Running all Enumeration, no nmap \u0026 gobuster \n  -b,  --bruteforce      Bruteforce Subdomain Using Gobuster (Wordlist: ALL Top SecList DNS) \n  -d,  --domain          domain of the website to scan\n  -h,  --help            show this help message\n  -o,  --outfile         specify an output file when completed \n  -s,  --source          Use source for Enumerate Subdomain\n  -aI, --apps-identifier Identify technologies on website (ex: -aI webanalyze)\n  -dP, --db-port         Collecting port from 3rd Party default=shodan\n  -eP, --extract-params  Collecting URL Parameter from Engine\n  -tO, --takeover        Subdomain TakeOver Vulnerabilty Scanner\n  -wS, --websocket       WebSocket Connection Check\n  -cF, --cloudfare       Check an IP is Owned by Cloudflare\n  -pS, --ping-sweep      Check live host using methode Ping Sweep\n  -rS, --resolver        Convert domain lists to resolved IP lists without duplicates\n  -sC, --status-code     Get status codes, response from domain list\n  -nT, --nmap-top        Port scanning with top-ports using nmap from domain list\n  -sS, --screenshot      Screenshots a list of website (default: gowitness)\n  -nP, --no-passive      Do not perform passive subdomain enumeration \n  -gW, --gwordlist       Generate wordlist based on collecting url resources (Passive) \n       --httpx           Perform httpx multiple probers using retryablehttp \n       --dnsprobe        Perform multiple dns queries (dnsprobe) \n       --no-probe        Do not perform httprobe \n       --html            Make report output into HTML \n       --graph           Network Graph Visualization\n```\nTo use all 22 Sources and Probe for working http or https servers (Validations):\n```\n$ sudomy -d hackerone.com\n```\nTo use one or more source:\n```\n$ sudomy -s shodan,dnsdumpster,webarchive -d hackerone.com\n```\nTo use all Sources Without Validations:\n```\n$ sudomy -d hackerone.com --no-probe\n```\nTo use one or more plugins:\n```\n$ sudomy -pS -sC -sS -d hackerone.com\n```\nTo use all plugins: testing host status, http/https status code, subdomain takeover and screenshots. \n\nNmap,Gobuster,wappalyzer and wscat Not Included.\n```\n$ sudomy -d hackerone.com --all \n```\n\nTo create report in HTML Format\n```\n$ sudomy -d hackerone.com --html --all\n```\n\nHTML Report Sample:\n\n| Dashboard\t| Reports\t|\n| ------------  | ------------ |\n|![Index](https://user-images.githubusercontent.com/17976841/63597336-6ab6e880-c5e7-11e9-819e-91634e347b0c.PNG)|![f](https://user-images.githubusercontent.com/17976841/63597476-bbc6dc80-c5e7-11e9-8985-6a73348a2e02.PNG)|\n\n\nTo gnereate network graph visualization subdomain \u0026 virtualhosts\n```\n$ sudomy -d hackerone.com -rS --graph\n```\nGraph Visualization [Sample](https://screetsec.github.io/): \n| nGraph\t|\n| ------------  |\n|![nGraph](https://user-images.githubusercontent.com/17976841/104086846-b24a1d00-528d-11eb-88f5-de9bb0b641d1.PNG)|\n\nTo use best arguments to collect subdomains, analyze by doing automatic recon and sending notifications to slack\n```\n./sudomy -d ngesec.id -dP -eP -rS -cF -pS -tO -gW --httpx --dnsprobe --graph  -aI webanalyze --slack -sS\n```\nSlack Notification Sample:\n| Slack \t|\n| ------------  |\n|![Slacks](https://user-images.githubusercontent.com/17976841/95856703-a4672780-0d84-11eb-9a3e-03ab39e4dc10.png)|\n\n\n\n\n## Tools Overview\n- Youtube Videos : Click [here](http://www.youtube.com/watch?v=DpXIBUtasn0)\n\n\n## Translations\n- [Indonesia](https://github.com/Screetsec/Sudomy/blob/master/doc/README_ID.md)\n- [English](https://github.com/Screetsec/Sudomy/blob/master/doc/README_EN.md)\n- [Portuguese - Brazil](https://github.com/Screetsec/Sudomy/blob/master/doc/README_PT_BR.md)\n\n\n## Changelog\nAll notable changes to this project will be documented in this [file](https://github.com/Screetsec/sudomy/blob/master/CHANGELOG.md).\n\n\n\n## Alternative Best Tool - Subdomain Enumeration\n- [Subfinder](https://github.com/projectdiscovery/subfinder) - Projectdiscovery\n- [Sublist3r](https://github.com/aboul3la/Sublist3r) - aboul3la\n- [Findomain](https://github.com/Edu4rdSHL/findomain) - Edu4rdSHL\n- [Amass](https://github.com/OWASP/Amass) - OWASP\n\n## Credits \u0026 Thanks\n- [Tom Hudson](https://github.com/tomnomnom/) - Tomonomnom\n- [OJ Reeves](https://github.com/OJ/) - Gobuster\n- [ProjectDiscovery](https://github.com/projectdiscovery) - Security Through Intelligent Automation\n- [Thomas D Maaaaz](https://github.com/maaaaz) - Webscreenshot\n- [Dwi Siswanto](https://github.com/dwisiswant0) - cf-checker\n- [Robin Verton](https://github.com/rverton/webanalyze) - webanalyze\n- [christophetd](https://github.com/christophetd/censys-subdomain-finder) - Censys\n- [Daniel Miessler](https://github.com/danielmiessler/) - SecList\n- [EdOverflow](https://github.com/EdOverflow/) - can-i-take-over-xyz\n- [jerukitumanis](https://github.com/myugan) - Docker Maintainer\n- [NgeSEC](https://ngesec.id/) - Community\n- [Zerobyte](http://zerobyte.id/) - Community\n- [Gauli(dot)Net](https://gauli.net/) - Lab Hacking Indonesia\n- [missme3f](https://github.com/missme3f/) - Raditya Rahma\n- [Bugcrowd](https://www.bugcrowd.com/) \u0026 [Hackerone](https://www.hackerone.com/)\n- [darknetdiaries](https://darknetdiaries.com/) - Awesome Art\n","funding_links":["https://paypal.me/screetsec","https://www.paypal.me/screetsec"],"categories":["Weapons","扫描器_资产收集_子域名","[↑](#-table-of-contents) SubDomain's","Shell","S"],"sub_categories":["Tools","资源传输下载"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscreetsec%2FSudomy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscreetsec%2FSudomy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscreetsec%2FSudomy/lists"}