~/trending
~$PIMONO24.1%~$OPENCLAW15.6%~$ZVEC55.9%~$CLAUDECO5.1%~$HERETIC15.2%~$ROWBOAT12.7%~$GOGCLI19.8%~$CODEXCLI2.3%~$CONTEXT72.5%~$SUMMARIZ19.5%~$PIMONO24.1%~$OPENCLAW15.6%~$ZVEC55.9%~$CLAUDECO5.1%~$HERETIC15.2%~$ROWBOAT12.7%~$GOGCLI19.8%~$CODEXCLI2.3%~$CONTEXT72.5%~$SUMMARIZ19.5%
live
Navigate:
Subfinder
~$SUBFI0.5%

subfinder: Passive subdomain enumeration tool

Passive subdomain discovery via DNS resolution and validation.

LIVE RANKINGS • 01:59 PM • STEADY
OVERALL
#179
37
SECURITY
#17
8
30 DAY RANKING TREND
ovr#179
·Secur#17
STARS
13.1K
FORKS
1.5K
7D STARS
+60
7D FORKS
+5
Tags:
Security
See Repo:
Share:

Learn more about Subfinder

Subfinder is a passive subdomain enumeration tool that aggregates subdomain intelligence from multiple online data sources without actively scanning target infrastructure. The tool queries over 30 sources including certificate transparency logs, search engines, and threat intelligence platforms through their respective APIs, then consolidates and deduplicates the discovered subdomains. It implements DNS resolution capabilities to validate discovered subdomains and can optionally resolve their IP addresses while filtering wildcard DNS entries. The architecture supports concurrent source querying with configurable rate limiting and timeouts to balance discovery speed against API restrictions. Subfinder operates as a command-line utility designed for reconnaissance phases of security assessments and continuous subdomain monitoring workflows.

Subfinder
1

Configurable Passive Sources

Query 40+ curated data sources without touching target infrastructure. Select, exclude, or combine sources individually with per-source rate limits and recursive subdomain filtering capabilities.

2

Built-in DNS Validation

Automatic resolution and wildcard elimination verify discovered subdomains before output. Supports custom resolver lists to reduce false positives and validate results against actual DNS records.

3

Pipeline-Native Design

STDIN/STDOUT support enables direct integration with security toolchains. Batch process domain lists with multiple output formats (JSON, plaintext) and YAML-based configuration for reproducible workflows.

package main

import (
    "github.com/projectdiscovery/subfinder/v2/pkg/runner"
)

func main() {
    options := &runner.Options{
        Threads: 10,
        Timeout: 30,
        Domains: []string{"example.com"},
    }
    
    subfinder, _ := runner.NewRunner(options)
    subfinder.RunEnumeration()
}

See how people are using Subfinder

Loading tweets...

Top in Security

1

Ghidra

65,041
2

PentestGPT

11,792
3

Gitleaks

25,126
4

FingerprintJS

26,656
5

CAI

7,236
See all →

Trending Repos

1

Pi Mono

17,222#1
2

OpenClaw

233,443#2
3

Zvec

8,089#3
4

Claude Code

70,649#4
5

Heretic

9,761#5
See all →
[ EXPLORE MORE ]

Related Repositories

Discover similar tools and frameworks used by developers

OpenSSL

C-based cryptographic library implementing TLS, DTLS, and QUIC protocols.

29,63411,066

age

Simple, secure file encryption tool and Go library with small keys and UNIX composability.

21,448613

Fail2Ban

Log-based intrusion prevention via dynamic firewall management.

17,0531,462

Sigma

YAML-based detection rules with SIEM query conversion.

10,1482,551

DOMPurify

DOM-based XSS sanitizer using native browser parsing.

16,674826