99. List of tools for grabbing subdomains

General Tools

1. SubFinder

2. Findomain

3. Sublist3r

4. dnssearch

5. Sudomy

6. Assetfinder

7. Vita

8. PureDNS

9. GetAllUrls(GUA)

Frameworks

1. Amass

2. Sudomy

3. ReconFTW

4. DMitry

Dictionary attacks

1. knockPy

2. DNSRecon

3. MassDNS

Datasets

1. crt.sh

2. WaybackURLS

Permutation Scanning

1. AltDNS

DNS Databases

1. DNS Dumpster

2. Shodan

3. Pentest-tools

4. Rapid7 Forward DNS (FDNS)

5. Crobat

6. Subdomain finder by c99.nl

7. BufferOver

8. Spyse

Checking SubDomain Status Code

1. URLChecker

2. HTTProbe

Bash Extra resources

curl -s https://rapiddns.io/subdomain/example.com?full=1 | grep -oP '_blank">\K[^<]*' | grep -v http | sort -u

1. curl -s https://rapiddns.io/subdomain/example.com?full=1 >>>> Will download a list of all the domains from rapiddns

2. grep -oP '_blank">\K[^<]*' >>>> Will grep all the links that open in a new tab

3. Will grep all URLs that start with http

4. Will then sort the list

• https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/recon-and-osint/subdomain-enumeration

• https://github.com/CristinaSolana/subdomain-recon

• https://github.com/ARPSyndicate/kenzer

• https://github.com/bing0o/SubEnum

• https://github.com/gwen001/github-search/blob/master/github-subdomains.py