Overview
SubdomainX is a powerful, all-in-one subdomain enumeration and reconnaissance tool designed for modern cybersecurity professionals, penetration testers, and security researchers.
Why Choose SubdomainX?
- All-in-One Solution: Combines 12+ popular enumeration tools into a single, unified interface
- High Performance: Multi-threaded architecture with intelligent resource management
- API Integration: Native integration with SecurityTrails, VirusTotal, Censys, and more
- Advanced Reporting: Beautiful HTML reports, JSON exports, and real-time progress tracking
- Resume Capability: Never lose progress with intelligent checkpointing system
- Smart Optimization: Built-in resource monitoring and performance recommendations
- Production Ready: Comprehensive error handling, logging, and validation
Perfect For:
- Security Researchers conducting comprehensive domain reconnaissance
- Penetration Testers performing thorough attack surface analysis
- Bug Bounty Hunters discovering hidden subdomains and assets
- Security Teams monitoring their organization's digital footprint
- Red Teams gathering intelligence for advanced persistent threats
Key Features
Intelligent Enumeration
- 12+ Tools Integrated: subfinder, amass, findomain, assetfinder, sublist3r, knockpy, dnsrecon, fierce, massdns, altdns, waybackurls, linkheader
- API-Powered Discovery: SecurityTrails, VirusTotal, Censys integration
- Custom Wordlists: Support for custom brute-forcing dictionaries
- Smart Filtering: Advanced filtering and deduplication
HTTP & Port Scanning
- httpx Integration: Comprehensive HTTP probing with status codes, headers, and technologies
- smap Integration: Fast port scanning with service detection
- Customizable Filters: Filter by status codes, ports, and response patterns
Advanced Monitoring
- Real-time Progress: Live progress bars with ETA calculations
- Resource Management: CPU and memory monitoring with optimization tips
- Checkpoint System: Save and resume interrupted scans seamlessly
- Comprehensive Logging: Detailed logs for debugging and analysis
Professional Reporting
- Multiple Formats: JSON, TXT, HTML, CSV, and security tool formats
- Security Tool Integration: Export to OWASP ZAP, Burp Suite, and Nessus formats
- Customizable Output: Flexible naming and directory structure
- Rich Metadata: Detailed scan information and statistics
- Export Ready: Compatible with other security tools and platforms
Quick Start
1. Install
# Install from source
go install github.com/itszeeshan/subdomainx@latest
# Or download pre-built binary
curl -sSL https://github.com/itszeeshan/subdomainx/releases/latest/download/subdomainx_$(uname -s)_$(uname -m).tar.gz | tar -xz
sudo mv subdomainx /usr/local/bin/2. Basic Usage
Single Domain Enumeration:
subdomainx --subfinder --httpx --max-http-targets 1000 example.comMultiple Domains:
echo "example.com" > domains.txt
subdomainx --wildcard domains.txt --format html --max-http-targets 500Security Tool Integration:
# Export to OWASP ZAP format
subdomainx --subfinder --httpx --format zap example.com
# Export to Burp Suite format
subdomainx --subfinder --httpx --format burp example.com
# Export to Nessus format
subdomainx --subfinder --httpx --format nessus example.com
# Export to CSV for spreadsheet analysis
subdomainx --subfinder --httpx --format csv example.comAPI-Powered Discovery:
# Set API keys
export SECURITYTRAILS_API_KEY="your_key"
export VIRUSTOTAL_API_KEY="your_key"
export CENSYS_API_ID="your_id"
export CENSYS_SECRET="your_secret"
# Use APIs
subdomainx --securitytrails --virustotal --censys example.comHigh-Performance Scan:
subdomainx --threads 20 --timeout 60 --subfinder --amass example.comResume Interrupted Scan:
# Resume from checkpoint
subdomainx --resume my_scanPro Tip: Always place flags before the domain argument:
subdomainx --tools domain.com # Correct subdomainx domain.com --tools # Incorrect
Advanced Examples
Comprehensive Reconnaissance
# Full enumeration with all tools
subdomainx --subfinder --amass --findomain --assetfinder --sublist3r \
--securitytrails --virustotal --censys \
--httpx --smap \
--format html --name comprehensive_scan example.comTargeted Enumeration
# Focus on specific tools for speed
subdomainx --subfinder --httpx --status-codes 200,301,302 \
--ports 80,443,8080,8443 example.comCustom Wordlist Brute Force
# Use custom wordlist for altdns
subdomainx --altdns --wordlist /path/to/custom_wordlist.txt example.comResume and Monitor
# Start scan with monitoring
subdomainx --verbose --subfinder --amass example.com
# Later resume if interrupted
subdomainx --resume example_com_scanWhat's Included
Enumeration Tools details
| Tool | Description | Installation |
|---|---|---|
| subfinder | Fast subdomain discovery | go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest |
| amass | In-depth subdomain enumeration | go install -v github.com/owasp-amass/amass/v4/...@master |
| findomain | Fast subdomain finder | curl -LO https://github.com/findomain/findomain/releases/latest/download/findomain-linux |
| assetfinder | Find subdomains and related assets | go install github.com/tomnomnom/assetfinder@latest |
| sublist3r | Python-based subdomain enumeration | pip install sublist3r |
| knockpy | Subdomain enumeration tool | pip install knockpy |
| dnsrecon | DNS enumeration tool | pip install dnsrecon |
| fierce | DNS reconnaissance tool | pip install fierce |
| massdns | High-performance DNS resolver | git clone https://github.com/blechschmidt/massdns.git |
| altdns | Subdomain permutation tool | pip install altdns |
| waybackurls | Wayback Machine URL finder | go install github.com/tomnomnom/waybackurls@latest |
| linkheader | HTTP Link header parser | Built-in |
API Services details
| Service | Description | API Key Required |
|---|---|---|
| SecurityTrails | Historical DNS data | ✅ |
| VirusTotal | Threat intelligence | ✅ |
| Censys | Internet-wide scanning data | ✅ |
| crt.sh | Certificate Transparency | ❌ |
| URLScan.io | Web scanning service | ✅ (optional) |
| ThreatCrowd | Threat intelligence | ❌ |
| HackerTarget | Security research platform | ✅ (optional) |
Scanning Tools details
| Tool | Description | Installation |
|---|---|---|
| httpx | Fast HTTP probe | go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest |
| smap | Port scanner | go install github.com/s0md3v/smap/cmd/smap@latest |
Security Tool Integration
SubdomainX now supports direct export to popular security tools, making it easy to integrate with your existing security workflows:
OWASP ZAP Integration
Export scan results in ZAP-compatible XML format for seamless integration with OWASP ZAP for web application security testing.
Burp Suite Integration
Generate Burp Suite-compatible XML files that can be imported directly into Burp Suite for further analysis and testing.
Nessus Integration
Create Nessus-compatible XML reports for vulnerability assessment and compliance reporting.
CSV Export
Export results in CSV format for analysis in spreadsheet applications or integration with other security platforms.
Next Steps
- Installation Guide - Get SubdomainX up and running
- CLI Reference - Complete command-line interface reference
- Examples - Practical usage examples and use cases
- Configuration - Learn about YAML configuration and CLI options
- Supported Tools - Detailed information about integrated tools