#Subdomain-enumeration

Showing 58 of 58 repositories tagged #subdomain-enumeration, ranked by stars

laramies
laramies
theHarvester

E-mails, subdomains and names Harvester - OSINT

Score
100
β˜… 16.7k β‘‚ 2.5k +85/day
Python
projectdiscovery
projectdiscovery
subfinder

Fast passive subdomain enumeration tool.

Score
100
β˜… 14.0k β‘‚ 1.6k +14/day
Go
blacklanternsecurity
blacklanternsecurity
bbot

The recursive internet scanner for hackers. 🧑

Score
88
β˜… 10.1k β‘‚ 876 +17/day
Python
shmilylty
shmilylty
OneForAll

OneForAllζ˜―δΈ€ζ¬ΎεŠŸθƒ½εΌΊε€§ηš„ε­εŸŸζ”Άι›†ε·₯ε…·

Score
75
β˜… 9.9k β‘‚ 1.4k +23/day
Python
six2dez
six2dez
reconftw

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Score
100
β˜… 7.8k β‘‚ 1.2k +60/day
Shell
guelfoweb
guelfoweb
knockpy

Knock Subdomain Scan

Score
98
β˜… 4.2k β‘‚ 882 +1/day
Python
thewhiteh4t
thewhiteh4t
FinalRecon

All In One Web Recon

Score
62
β˜… 2.8k β‘‚ 499 +6/day
Python
nsonaniya2010
nsonaniya2010
SubDomainizer

A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.

Score
38
β˜… 1.9k β‘‚ 236 β€”
Python
Autumn-27
Autumn-27
ScopeSentry

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

Score
95
β˜… 1.5k β‘‚ 214 +5/day
Go
m8sec
m8sec
subscraper

Subdomain and target enumeration tool built for offensive security testing

Score
25
β˜… 966 β‘‚ 108 β€”
Python
Esc4iCEscEsc
Esc4iCEscEsc
skanuvaty

Dangerously fast DNS/network/port scanner

Score
100
β˜… 924 β‘‚ 90 β€”
Rust
RevoltSecurities
RevoltSecurities
Subdominator

SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty

Score
50
β˜… 788 β‘‚ 125 +5/day
Python
uphiago
uphiago
recon-skills

156 offensive security skills for recon and pentest. Field-validated techniques from 600+ targets across 45+ sectors. Updated with browser fingerprint evasion, anti-bot bypass, hardcoded credential hunting, SCADA/ICS enumeration.

Score
93
β˜… 723 β‘‚ 138 +146/day
Python
Cgboal
Cgboal
SonarSearch

A rapid API for the Project Sonar dataset

Score
79
β˜… 656 β‘‚ 95 +1/day
Go
yunxu1
yunxu1
dnsub

dnsubδΈ€ζ¬Ύε₯½η”¨δΈ”εΌΊε€§ηš„ε­εŸŸεζ‰«ζε·₯ε…·

Score
0
β˜… 623 β‘‚ 81 β€”
Go
yyhuni
yyhuni
xingrin

Open-source attack surface management and authorized security automation platform for asset discovery, service probing, scan orchestration, and security result management.

Score
91
β˜… 593 β‘‚ 83 +6/day
TypeScript
v4d1
v4d1
Dome

Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

Score
74
β˜… 541 β‘‚ 75 +1/day
Python
ByCh4n
ByCh4n
BCHackTool

πŸ”₯ Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.

Score
88
β˜… 531 β‘‚ 88 +1/day
Shell
Vyntral
Vyntral
god-eye

AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs

Score
50
β˜… 511 β‘‚ 69 β€”
Go
medpaf
medpaf
hawk

Network, recon and offensive-security tool for Linux.

Score
65
β˜… 326 β‘‚ 62 +1/day
Python
trickest
trickest
mksub

Generate tens of thousands of subdomain combinations in a matter of seconds

Score
63
β˜… 276 β‘‚ 27 β€”
Go
clickswave
clickswave
voyage

Voyage is a stateful subdomain enumeration tool that combines passive and active techniques, user-specific databases, and fine-grained control built for efficient and reliable subdomain reconnaissance.

Score
67
β˜… 258 β‘‚ 14 β€”
Rust
skynet0x01
skynet0x01
tugarecon

TugaRecon is an advanced subdomain reconnaissance and intelligence framework built for security researchers, penetration testers and OSINT professionals. It combines OSINT enumeration, semantic analysis, temporal intelligence and automated reactions to continuously improve asset discovery and prioritization.

Score
86
β˜… 219 β‘‚ 36 +1/day
Python
trickest
trickest
dsieve

Filter and enrich a list of subdomains by level

Score
51
β˜… 212 β‘‚ 25 β€”
Go
blackhatethicalhacking
blackhatethicalhacking
SQLMutant

SQLMutant is a powerful SQL injection testing tool that includes both passive and active reconnaissance processes for any given domain. It filters URLs to identify those with parameters susceptible to SQL injection formats and then performs injection attacks. These attacks include pattern matching, error analysis, and timing attacks.

Score
49
β˜… 162 β‘‚ 38 β€”
Shell
JannisKirschner
JannisKirschner
Horn3t

Powerful Visual Subdomain Enumeration at the Click of a Mouse

Score
42
β˜… 138 β‘‚ 26 β€”
Python
devanshbatham
devanshbatham
CertEagle

Weaponizing Live CT logs for automated monitoring ofΒ assets

Score
44
β˜… 135 β‘‚ 35 β€”
Python
mrco24
mrco24
OK-VPS

Bug Bounty Vps Setup Tools

Score
84
β˜… 122 β‘‚ 45 β€”
Shell
hueristiq
hueristiq
xsubfind3r

A command-line utility designed to discover subdomains for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact directly with the target but instead gathers data that is already publicly available.

Score
81
β˜… 120 β‘‚ 9 β€”
Go
0xTas
0xTas
zenbuster

Multi-threaded URL enumeration/content-discovery tool in Python.

Score
37
β˜… 106 β‘‚ 26 β€”
Python
A3h1nt
A3h1nt
Subcert

Subcert is a subdomain enumeration tool, that finds all the subdomains from certificate transparency logs.

Score
12
β˜… 79 β‘‚ 14 β€”
Python
loseys
loseys
Goblyn

Goblyn is a Python tool focused to enumeration and capture of website files metadata.

Score
0
β˜… 74 β‘‚ 9 β€”
Python
hackThacker
hackThacker
Bug-Bounty-Tools

Your Comprehensive Collection of Bug Bounty Tools for Effective Cybersecurity Testing

Score
30
β˜… 67 β‘‚ 1 β€”
PAST2212
PAST2212
domainthreat

Newly registered Domain Monitoring to detect phishing and brand impersonation with subdomain enumeration and source code scraping

Score
53
β˜… 65 β‘‚ 15 β€”
Python
vikrantbatra05
vikrantbatra05
HuntTheBug

Advanced reconnaissance framework for bug bounty hunters - Automate subdomain enumeration, vulnerability scanning, and security reconnaissance with 30+ integrated tools.

Score
77
β˜… 60 β‘‚ 17 β€”
Shell
eredotpkfr
eredotpkfr
subscan

⚑ A subdomain enumeration tool leveraging diverse techniques, designed for advanced pentesting operations

Score
0
β˜… 52 β‘‚ 2 β€”
Rust
rix4uni
rix4uni
subdog

A powerful subdomain enumeration tool that aggregates data from multiple sources to create comprehensive lists of root subdomains.

Score
72
β˜… 50 β‘‚ 11 +1/day
Go
HunxByts
HunxByts
SubDump

a tool that functions to find subdomains of a website with the scanning method

Score
26
β˜… 42 β‘‚ 9 β€”
Python
rix4uni
rix4uni
haktrailsfree

Get 10k subdomains in securitytrails using cookie without apikey.

Score
47
β˜… 40 β‘‚ 17 β€”
Go
ExploitCraft
ExploitCraft
ReconNinja

⚑ ReconNinja v9.1.2 β€” 38-phase recon framework for pentesters & bug bounty hunters. Subdomain enum β†’ port scan β†’ web recon β†’ WAF/CORS/JS/cloud bucket detection β†’ GitHub OSINT β†’ CVE lookup β†’ AI threat analysis β†’ HTML report. Domains, IPs, CIDRs, target lists. Plugin system. 598 tests.

Score
70
β˜… 40 β‘‚ 8 β€”
Python
mikaww1
mikaww1
Subdomain-Takeover-Checker

A tool for detecting subdomain takeover vulnerabilities by checking DNS records

Score
58
β˜… 32 β‘‚ 1 β€”
HTML
blackhatethicalhacking
blackhatethicalhacking
bf_active_sub

Subdomain Bruteforce - Bounty Quick Code

Score
23
β˜… 32 β‘‚ 10 β€”
Shell
HJ23
HJ23
Raptor

Passive subdomain enumeration tool with http-probe.

Score
16
β˜… 32 β‘‚ 4 β€”
Python
badchars
badchars
osint-mcp-server

OSINT intelligence MCP server for AI agents β€” 37 tools, 12 sources. Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS, certificate transparency, BGP routing, Wayback Machine, GeoIP. Automated open source intelligence and attack surface mapping via Model Context Protocol.

Score
60
β˜… 31 β‘‚ 7 +4/day
TypeScript
adelaramadhina
adelaramadhina
bountycatchremix

Bug bounty domain manager with validation, exports & Redis storage ✨

Score
21
β˜… 30 β‘‚ 9 β€”
Python
blackhatethicalhacking
blackhatethicalhacking
bheh-sub-pwner

This bash script tool, will perform advanced subdomain enumeration, save the results, it will then probe the subdomains into urls, save the results in a separate file, it will then resolve all the subdomains into ip addresses and save the results separately.

Score
19
β˜… 27 β‘‚ 10 β€”
Shell
sp34rh34d
sp34rh34d
DirRunner

Enumeration & fingerprint tool

Score
56
β˜… 24 β‘‚ 3 β€”
Go
cyb3ratul
cyb3ratul
subtron

Subtron is a professional grade subdomain enumeration toolkit designed for security researchers, penetration testers, and bug bounty hunters. It automates the discovery of subdomains by integrating multiple industry-standard tools such as Amass, Subfinder, Assetfinder, Httpx, and crt.sh. The results are consolidated, deduplicated, and organized.

Score
40
β˜… 24 β‘‚ 3 β€”
Shell
kljunowsky
kljunowsky
HuntersEye

HuntersEye is designed for Bug Bounty Hunters, and Security Researchers to monitor new subdomains and certificates for specified domains. The primary goal is to streamline and expedite the process of monitoring newly registered subdomains and SSL certificates related to specified target domains.

Score
12
β˜… 21 β‘‚ 2 β€”
Python
cyb3rzest
cyb3rzest
vasuki

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

Score
28
β˜… 19 β‘‚ 8 β€”
Shell
n0mi1k
n0mi1k
gosublister

An subdomain enumerator for web URLs using the power of Goroutines.

Score
7
β˜… 18 β‘‚ 0 β€”
Go
medjahdi
medjahdi
RedTiger

RedTiger - Automated XSS vulnerability testing tool with intelligent endpoint filtering and beautiful terminal UI

Score
9
β˜… 15 β‘‚ 5 β€”
Python
47hxl-53r
47hxl-53r
webcr4wl

This tool is used for web penetration testing features like subnet scanning, directory enumeration, port scanning and more

Score
14
β˜… 14 β‘‚ 6 β€”
Python
fkmrshl
fkmrshl
dark-nexus

All-in-one network Intelligence Suite: Port Scanner, Subdomain scan, DNS & Traceroute tool for security auditing and reconnaissance.

Score
35
β˜… 14 β‘‚ 0 β€”
C++
Adkali
Adkali
Subxenum

Tool for enumerate subdomains by Brute-force, or by using different options while grabbing results.

Score
5
β˜… 14 β‘‚ 1 β€”
Python
krishealty
krishealty
knockknock

A Simple Tool to gather information from any website, domain, sub-domain, DNS, links by enumeration with simple commands.

Score
2
β˜… 13 β‘‚ 1 β€”
Go
expl0itlab
expl0itlab
ReconOPS

A structured recon-only framework for bug bounty hunters, from DNS basics to JS mining, API discovery, and automation pipelines.

Score
33
β˜… 11 β‘‚ 0 β€”
Shell
NeverSpot
NeverSpot
sub4bug

This is automation tool which utilize 2 sub -domain finder and then sort out working sub-domain and finally scan for sub-doamin TAKEOVER.

Score
0
β˜… 11 β‘‚ 1 β€”
Shell
Related Topics
#penetration-testing#bugbounty#reconnaissance#osint#pentesting#hacking#subdomain-scanner#cybersecurity#recon#bug-bounty#security-tools#subdomain

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly