lightweight , fast and more than a passive subdomain enumeration tool
Features | Usage | Installation | Documentation
Subdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources.
- fast and powerfull to enumerate subdomains.
- 50+ passive results to enumerate subdomains.
- configurable API keys setup
- integrated notification system
- local Database support to store data
- supports multiple output format (txt|html|pdf|json)
We request existing user to update their config yaml file with new resources by opening the config file in : $HOME/.config/Subdominator/provider-config.yaml and add the below resources:
builwith:
- your-api-key1
- your-api-key2
passivetotal:
- user-mail1:api-key1
- user-mail2:api-key2
trickest:
- your-api-key1
- your-api-key2by these your config yaml file will get updated or else check your yaml file that matches the below mentioned resources with *, The new users will required to update in next version if any new resources added in Subdominator.
subdominator -h
| | _) |
__| | | __ \ _` | _ \ __ `__ \ | __ \ _` | __| _ \ __|
\__ \ | | | | ( | ( | | | | | | | ( | | ( | |
____/ \__,_| _.__/ \__,_| \___/ _| _| _| _| _| _| \__,_| \__| \___/ _|
@RevoltSecurities
[DESCRIPTION]: Subdominator a passive subdomain enumeration that discovers subdomains for your targets using with passive and open source resources
[USAGE]:
subdominator [flags]
[FLAGS]:
[INPUT]:
-d, --domain : Target domain name for subdomain enumeration.
-dL, --domain-list : File containing multiple domains for bulk enumeration.
stdin/stdout : Supports input/output redirection.
[OUTPUT]:
-o, --output : Save results to a file.
-oD, --output-directory : Directory to save results (useful when -dL is specified).
-json, --json : Output results in JSON format.
[MODE]:
-shell, --shell : Enable interactive shell mode to work with subdominator Database,generate report and etc.
[OPTIMIZATION]:
-t, --timeout : Set timeout value for API requests (default: 30s).
-fw, --filter-wildcards : Filter out wildcard subdomains.
[CONFIGURATION]:
-cp, --config-path : Custom config file path for API keys (default: /home/sanjai/.config/Subdominator/provider-config.yaml).
-cdp, --config-db-path : Custom database config path (default: /home/sanjai/.cache/SubdominatorDB/subdominator.db).
-nt, --notify : Send notifications for found subdomains via Slack, Pushbullet.
-px, --proxy : Use an HTTP proxy for debugging requests.
-dork, --dork : Use a custom google dork for google resource (ex: -ir google --dork 'site:target.com -www -dev intext:secrets')
[RESOURCE CONFIGURATION]:
-ir, --include-resources : Specify sources to include (comma-separated).
-er, --exclude-resources : Specify sources to exclude (comma-separated).
-all, --all : Use all available sources for enumeration.
[UPDATE]:
-up, --update : Update Subdominator to the latest version (manual YAML update required).
-duc, --disable-update-check : Disable automatic update checks.
-sup, --show-updates : Show the latest update details.
[DEBUGGING]:
-h, --help : Show this help message and exit.
-v, --version : Show the current version and check for updates.
-s, --silent : Show only subdomains in output.
-ski, --show-key-info : Show API key errors (e.g., out of credits).
-sti, --show-timeout-info : Show timeout errors for sources.
-nc, --no-color : Disable colorized output.
-ls, --list-source : List available subdomain enumeration sources.
-V, --verbose : Enable verbose output.The following API services used by subdominator:
- AbuseIPDB → abuseipdb.com
- AlienVault → otx.alienvault.com
- Anubis → jldc.me/anubis
- ARP Syndicate → arpsyndicate.io
- BeVigil → bevigil.com
- BinaryEdge → binaryedge.io
- BufferOver → tls.bufferover.run
- BuiltWith → api.builtwith.com
- C99 → subdomainfinder.c99.nl
- Censys → censys.com
- CertSpotter → sslmate.com/certspotter
- Chaos → chaos.projectdiscovery.io
- CodeRog → rapidapi.com/coderog
- CommonCrawl → index.commoncrawl.org
- crt.sh → crt.sh
- Cyfare → cyfare.net
- Digitorus → digitorus.com
- DigitalYama → digitalyama.com
- DNSDumpster → dnsdumpster.com
- DNSRepo → dnsarchive.net
- Fofa → en.fofa.info
- Facebook → developers.facebook.com
- FullHunt → fullhunt.io
- Google → programmablesearchengine.google.com
- HackerTarget → hackertarget.com
- HudsonRock → cavalier.hudsonrock.com
- HunterMap → hunter.how
- IntelX → intelx.io
- LeakIX → leakix.net
- MerkleMap → merklemap.com
- MySSL → myssl.com
- Netlas → netlas.io
- Odin → odin.io
- Quake → quake.360.cn
- Racent → face.racent.com
- RapidAPI → rapidapi.com/hub
- RapidDNS → rapiddns.io
- RedHuntLabs → devportal.redhuntlabs.com
- RSECloud → rsecloud.com/search
- SecurityTrails → securitytrails.com
- Shodan → shodan.io
- ShodanX → github.com/RevoltSecurities/Shodanx
- ShrewdEye → shrewdeye.app
- SiteDossier → sitedossier.com
- ThreatCrowd → ci-www.threatcrowd.org
- Trickest → trickest.io
- URLScan → urlscan.io
- VirusTotal → virustotal.com
- WaybackArchive → archive.org/wayback
- WhoisXML → whoisxmlapi.com
- ZoomEyeAPI → www.zoomeye.hk
Ensure you have Python 3.12 or later installed before proceeding with the installation. You can verify your Python version using:
python3 --versionThe easiest way to install Subdominator is via PyPI:
pip install --upgrade subdominatorTo install the latest development version directly from GitHub:
pip install --upgrade git+https://github.com/RevoltSecurities/SubdominatorTo avoid dependency conflicts, you can install Subdominator using pipx:
pipx install subdominatorTo install the latest version from GitHub with pipx:
pipx install git+https://github.com/RevoltSecurities/SubdominatorFor users who want to contribute or modify the tool, clone and install directly from source:
git clone https://github.com/RevoltSecurities/Subdominator.git
cd Subdominator
pip install --upgrade pip
pip install -r requirements.txtAfter installation, you can verify if Subdominator is installed correctly by running:
subdominator --helpFor complete post-installation configuration, shell interface tutorials, and detailed usage instructions, please refer to the official SubDominator documentation:
✅ Post Installation Setup – Configure dependencies, API keys, and environment variables.
✅ Shell Interface Tutorial – Learn how to use subdominator -shell for managing subdomains interactively.
✅ Enumeration Techniques – Understand how to efficiently discover subdomains.
✅ Exporting & Reporting – Generate reports in TXT, JSON, HTML, or PDF formats.
✅ Advanced Features & Flags – Explore additional functionalities to enhance subdomain enumeration.
For the best experience, ensure you follow the latest updates in the documentation! 🚀
Subdominator is a promising tool that will never cause any threats to users or security researcher and its safe to use. Even without Users permissions subdominator will not update itself and I welcome everyone who are intrested contribute for Subdominator can create their issues and report it.
Subdominator is built by RevoltSecurities Team with ❤️ and your support will encourage us to improve the subdominator more and Community contributors are
Welcome to contribute for subdominator and If you love the subdominator support it by giving a ⭐ .