{"id":20042863,"url":"https://github.com/topscoder/subgomain","last_synced_at":"2025-07-04T03:05:27.387Z","repository":{"id":241887764,"uuid":"808125833","full_name":"topscoder/subgomain","owner":"topscoder","description":"A high-performance tool for identifying domain takeovers with support for custom fingerprints and resolver lists.","archived":false,"fork":false,"pushed_at":"2025-04-07T14:47:39.000Z","size":213,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-05T08:41:16.278Z","etag":null,"topics":["bugbounty","bugbounty-tool","domain-takeover","infosec","infosectools","security","security-tools","subdomain-takeover"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/topscoder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-05-30T12:40:54.000Z","updated_at":"2025-04-16T07:26:16.000Z","dependencies_parsed_at":"2025-05-05T08:34:28.076Z","dependency_job_id":null,"html_url":"https://github.com/topscoder/subgomain","commit_stats":null,"previous_names":["topscoder/subgomain"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/topscoder/subgomain","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Fsubgomain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Fsubgomain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Fsubgomain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Fsubgomain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/topscoder","download_url":"https://codeload.github.com/topscoder/subgomain/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/topscoder%2Fsubgomain/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263437175,"owners_count":23466362,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbounty-tool","domain-takeover","infosec","infosectools","security","security-tools","subdomain-takeover"],"created_at":"2024-11-13T10:53:54.900Z","updated_at":"2025-07-04T03:05:27.349Z","avatar_url":"https://github.com/topscoder.png","language":"Go","funding_links":[],"categories":["bugbounty"],"sub_categories":[],"readme":"# Subgomain\n\nSubgomain is a command-line tool for checking domains for vulnerabilities related to subdomain takeover. It checks a list of domains provided via input against known fingerprints stored in a JSON file. Possible vulnerabilities are identified through checks on DNS CNAME records, HTTP status codes, and string patterns in the HTML response content.\n\n## Installation\n\nYou can install Subgomain using the following command:\n\n```bash\ngo install -v github.com/topscoder/subgomain@latest\n```\n\n## Usage\n\n```bash\nsubgomain -domain \u003cdomain\u003e | -domains \u003cfilename\u003e [-fingerprints \u003curl_or_local_path\u003e] [-resolvers \u003curl\u003e] [-threads \u003cint\u003e] [-timeout \u003cseconds\u003e] [-silent] [-debug]\n```\n\n### Arguments\n\n#### Required\n- `-domain \u003cdomain\u003e`: Specifies the single domain to check.\n- `-domains \u003cpath-to-domains-file\u003e`: Specifies the path to the file containing the list of domains to check.\n\n#### Optional\n- `-fingerprints \u003curl-to-fingerprints-json\u003e` (optional): Specifies the URL or disk path to the JSON file containing fingerprints for identifying vulnerabilities. Optional. Defaults to a predefined URL.\n- `-resolvers \u003curl\u003e` (optional): Specifies the URL to the TXT file containing DNS servers (resolvers) to be used. Optional. Defaults to a predefined URL.\n- `-threads \u003cnumber-of-threads\u003e` (optional, default 5): Specifies the number of concurrent threads to use for domain checking. Optional. Defaults to the number of logical CPUs.\n- `-timeout \u003cseconds\u003e` (optional, default 2): Specifies the HTTP timeout in seconds. Optional. Defaults to 2 seconds.\n- `-silent` (optional): If provided, only prints vulnerable domains without any additional output. Optional.\n- `-debug` (optional): If provided, the application prints (loads of) debug messages.\n\n## Examples\n\n1. Check domains for vulnerabilities, printing both vulnerable and non-vulnerable domains:\n   ```bash\n   subgomain -domains domains.txt\n   ```\n\n2. Check domains for vulnerabilities, printing only vulnerable domains:\n   ```bash\n   subgomain -silent -domains domains.txt\n   ```\n\n3. Check domains using custom fingerprints file and increase the number of threads for faster processing:\n   ```bash\n   subgomain -domains domains.txt -fingerprints https://example.com/custom_fingerprints.json -threads 10\n   ```\n\n## Contributing\n\nContributions are welcome! If you have suggestions, feature requests, or find a bug, please open an issue or submit a pull request.\n\n## License\n\nThis project is licensed under the MIT License.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftopscoder%2Fsubgomain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftopscoder%2Fsubgomain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftopscoder%2Fsubgomain/lists"}