subfinder
subby
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
subfinder
-
Subdomain.center – discover all subdomains for a domain
https://github.com/projectdiscovery/subfinder does this, but it explains all the methods and lets you choose to only do a passive scan.
-
Introducing Goctopus: open-source, state-of-the-art GraphQL endpoint discovery & fingerprinting tool.
Subdomain Enumeration: Goctopus uses DNS records APIs via subfinder to enumerate subdomains.
-
Subdomain enumeration.
Subfinder
-
Can authenticated internet-facing web app be discovered if not indexed by search engines?
My main source is Certificate Transparency, which is kind of a database of TLS certs created so far. But use external tools like Subfinder or Amass.
- Como saber todos os domínios que uma empresa tem?
- How to find out domain names registered by a particular domain registrar?
-
Intellingence-Resources
Subfinder - https://github.com/projectdiscovery/subfinder
-
Subdomain Enumeration
The best CLI tool for finding subdomains is subfinder. It is made by ProjectDiscovery who creates really powerful tools. They recently got funded $1.7 million so that the devs could work full time on developing and maintaining these tools.
subby
-
Introducing Subby, a super fast subdomain enumeration tool that supports wildcard DNS records
Check it out here: https://github.com/n0mi1k/subby
What are some alternatives?
amass - In-depth attack surface mapping and asset discovery
Raptor - Passive subdomain enumeration tool with http-probe.
assetfinder - Find domains and subdomains related to a given domain
bbot - A recursive internet scanner for hackers.
httprobe - Take a list of domains and probe for working HTTP and HTTPS servers
subscraper - Subdomain and target enumeration tool built for offensive security testing
breach-parse - A tool for parsing breached passwords
scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
gowitness - 🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
certificate-transparency - Auditing for TLS certificates.
OneForAll - OneForAll是一款功能强大的子域收集工具