A powerful Python-based tool for discovering subdomains of target domains using multiple discovery methods including DNS enumeration and certificate transparency logs.
- DNS enumeration with concurrent scanning
- Certificate transparency logs scanning via crt.sh
- Custom wordlist support
- Multithreaded scanning for better performance
- Output results to file
- Python 3.8 or higher installed on your system
- pip (Python package installer)
- Basic command line knowledge
The following Python packages will be automatically installed via requirements.txt:
- dnspython (>= 2.3.0) - For DNS enumeration and resolution
- requests (>= 2.31.0) - For HTTP requests and certificate transparency logs
- tqdm (>= 4.65.0) - For progress bar visualization
- flask (>= 3.0.0) - For web interface functionality
- Clone or download this repository
- Navigate to the project directory:
cd subdomain-scanner - Install the required dependencies:
pip install -r requirements.txt
python subdomain_scanner.py -d DOMAIN -w WORDLIST [-t THREADS] [-o OUTPUT]-d, --domain: Target domain to scan (required)-w, --wordlist: Path to the wordlist file containing subdomain prefixes (required)-t, --threads: Number of concurrent threads (optional, default: 10)-o, --output: Output file to save results (optional)
-
Basic scan with default settings:
python subdomain_scanner.py -d example.com -w wordlist.txt
-
Scan with increased thread count and save results:
python subdomain_scanner.py -d example.com -w wordlist.txt -t 20 -o results.txt
-
Using a custom wordlist:
python subdomain_scanner.py -d example.com -w custom_wordlist.txt -o scan_results.txt
- Start the Flask web server:
python app.py
- Open your web browser and navigate to
http://localhost:5000
- Enter the target domain in the domain input field
- (Optional) Adjust the number of threads
- (Optional) Upload a custom wordlist file
- Click the "Scan" button to start the scan
- View results in real-time as they appear
- Download the results using the "Download Results" button
- User-friendly interface for subdomain scanning
- Real-time display of discovered subdomains
- Adjustable thread count for performance optimization
- Optional custom wordlist upload
- Easy download of scan results
The tool will display discovered subdomains in real-time during the scan. If an output file is specified, the results will be saved in the following format:
subdomain1.example.com
subdomain2.example.com
subdomain3.example.com
- Start with a smaller thread count and increase if needed
- Use an appropriate wordlist size for your target
- Always ensure you have permission to scan the target domain
- Save your results using the output option for future reference
- If the scan seems slow, try adjusting the thread count
- Ensure your wordlist file is properly formatted (one subdomain prefix per line)
- Check your internet connection if the scan fails to start
This tool is for educational and authorized testing purposes only. Always obtain proper authorization before scanning any domain. Unauthorized scanning may be illegal in your jurisdiction.
Contributions are welcome! Please feel free to submit pull requests or report issues to help improve the tool.