Subdomain Enumeration

• Sublist3r - Fast subdomains enumeration tool for penetration testers

• Amass - In-depth Attack Surface Mapping and Asset Discovery

• massdns - A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)

• Findomain - The fastest and cross-platform subdomain enumerator, do not waste your time.

• Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting

• chaos-client - Go client to communicate with Chaos DNS API.

• domained - Multi Tool Subdomain Enumeration

• bugcrowd-levelup-subdomain-enumeration - This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference

• shuffledns - shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output…

• censys-subdomain-finder - Perform subdomain enumeration using the certificate transparency logs from Censys.

• Turbolist3r - Subdomain enumeration tool with analysis features for discovered domains

• censys-enumeration - A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys

• tugarecon - Fast subdomains enumeration tool for penetration testers.

• as3nt - Another Subdomain ENumeration Tool

• Subra - A Web-UI for subdomain enumeration (subfinder)

• Substr3am - Passive reconnaissance/enumeration of interesting targets by watching for SSL certificates being issued

• domain - enumall.py Setup script for Regon-ng

• altdns - Generates permutations, alterations and mutations of subdomains and then resolves them

• brutesubs - An automation framework for running multiple open sourced subdomain bruteforcing tools (in parallel) using your own wordlists via Docker Compose

• dns-parallel-prober - his is a parallelised domain name prober to find as many subdomains of a given domain as fast as possible.

• dnscan - dnscan is a python wordlist-based DNS subdomain scanner.

• knock - Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist.

• hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.

• dnsx - Dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.

• subfinder - Subfinder is a subdomain discovery tool that discovers valid subdomains for websites.

• assetfinder - Find domains and subdomains related to a given domain

• crtndstry - Yet another subdomain finder

• VHostScan - A virtual host scanner that performs reverse lookups

• scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration