Navigate:
Subfinder
~$SUBFI0.5%

subfinder: Passive subdomain enumeration tool

Passive subdomain discovery via DNS resolution and validation.

LIVE RANKINGS • 01:59 PM • STEADY
OVERALL
#179
37
SECURITY
#17
8
30 DAY RANKING TREND
ovr#179
·Secur#17
STARS
13.1K
FORKS
1.5K
7D STARS
+60
7D FORKS
+5
See Repo:
Share:

Learn more about Subfinder

Subfinder is a passive subdomain enumeration tool that aggregates subdomain intelligence from multiple online data sources without actively scanning target infrastructure. The tool queries over 30 sources including certificate transparency logs, search engines, and threat intelligence platforms through their respective APIs, then consolidates and deduplicates the discovered subdomains. It implements DNS resolution capabilities to validate discovered subdomains and can optionally resolve their IP addresses while filtering wildcard DNS entries. The architecture supports concurrent source querying with configurable rate limiting and timeouts to balance discovery speed against API restrictions. Subfinder operates as a command-line utility designed for reconnaissance phases of security assessments and continuous subdomain monitoring workflows.

Subfinder

1

Configurable Passive Sources

Query 40+ curated data sources without touching target infrastructure. Select, exclude, or combine sources individually with per-source rate limits and recursive subdomain filtering capabilities.

2

Built-in DNS Validation

Automatic resolution and wildcard elimination verify discovered subdomains before output. Supports custom resolver lists to reduce false positives and validate results against actual DNS records.

3

Pipeline-Native Design

STDIN/STDOUT support enables direct integration with security toolchains. Batch process domain lists with multiple output formats (JSON, plaintext) and YAML-based configuration for reproducible workflows.


package main

import (
    "github.com/projectdiscovery/subfinder/v2/pkg/runner"
)

func main() {
    options := &runner.Options{
        Threads: 10,
        Timeout: 30,
        Domains: []string{"example.com"},
    }
    
    subfinder, _ := runner.NewRunner(options)
    subfinder.RunEnumeration()
}

See how people are using Subfinder

Loading tweets...


[ EXPLORE MORE ]

Related Repositories

Discover similar tools and frameworks used by developers