Sub Domains Finder Tools - Thebughacker

 How to Find Subdomains using automation tools? 

In this article, I am going to show you various methods and tools from which you can easily find the sub-domain of a domain. 

Below are the multiple methods all bug bounty hunters and cyber security personnel use. 

1. Finding Subdomain Using Amass | Subfinder 

Here is a quick recon used by bug bounty hunters to find subdomains.

Code: 
#!/bin/bash
# $1 => example.domain

amass enum --passive -d $1 -o domains_$1
assetfinder --subs-only $1 | tee -a domains_$1

subfinder -d $1 -o domains_subfinder_$1
cat domains_subfinder_$1 | tee -a domains_$1

sort -u domains_$1 -o domains_$1
cat domains_$1 | filter-resolved | tee -a domains_$1.txt
This code will provide you the all subdomain of a main domain. In order to run this above code you 
need to install a couple of tools in your system. 

Thanks, @TobiunddasMoe for the amazing tip.



2. VirusTotal Subdomain Finder

Virustotal is the website to analyze any domain. It is used to find suspicious files, malware, URLs. 

Using this online tool you can find IP addresses, sub-domain, APIs, etc. 

Virustotal subdomain

Step 2. Enter the Domain to find the subdomain. Example: google.com
Step 3: You will see four options, click on the RELATIONS tab

 
Step 4: Scroll down a little bit you will see the subdomain section. You will also be able to see the IP addresses of that subdomain. 








Previous Post Next Post

Contact Form