base on SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty ## Subdominator - Unleash the Power of Subdomain Enumeration <h1 align="center"> <img src="img/subdominator-v2.png" alt="Subdominator" width="450px"> <br> </h1> <div align="center"> **lightweight , fast and more than a passive subdomain enumeration tool** </div> <p align="center"> <a href="https://github.com/RevoltSecurities/Subdominator/tree/main#features">Features</a> | <a href="https://github.com/RevoltSecurities/Subdominator/tree/main#usage">Usage</a> | <a href="https://github.com/RevoltSecurities/Subdominator/tree/main#installation">Installation</a> | <a href="https://github.com/RevoltSecurities/Subdominator/tree/main#subdominator-documentation">Documentation</a> </p> <div align="center">   [](https://github.com/RevoltSecurities/Subdominator/blob/main/LICENSE) </div> Subdominator is a powerful tool for passive subdomain enumeration during bug hunting and reconnaissance processes. It is designed to help researchers and cybersecurity professionals discover potential security vulnerabilities by efficiently enumerating subdomains some various free passive resources. ### Features: --- <h1 align="center"> <img src="https://github.com/RevoltSecurities/Subdominator/assets/119435129/2a700962-6868-4a91-a8e8-2210189a4a23" width="700px"> <br> </h1> - fast and powerfull to enumerate subdomains. - 50+ passive results to enumerate subdomains. - configurable API keys setup - integrated notification system - local Database support to store data - supports multiple output format (txt|html|pdf|json) ### Yaml Updates: We request existing user to update their config yaml file with new resources by opening the config file in : ```$HOME/.config/Subdominator/provider-config.yaml``` and add the below resources: ```yaml builwith: - your-api-key1 - your-api-key2 passivetotal: - user-mail1:api-key1 - user-mail2:api-key2 trickest: - your-api-key1 - your-api-key2 ``` by these your config yaml file will get updated or else check your yaml file that matches the below mentioned resources with *, The new users will required to update in next version if any new resources added in Subdominator. ### Usage: --- ```code subdominator -h ``` ```yaml | | _) | __| | | __ \ _` | _ \ __ `__ \ | __ \ _` | __| _ \ __| \__ \ | | | | ( | ( | | | | | | | ( | | ( | | ____/ \__,_| _.__/ \__,_| \___/ _| _| _| _| _| _| \__,_| \__| \___/ _| @RevoltSecurities [DESCRIPTION]: Subdominator a passive subdomain enumeration that discovers subdomains for your targets using with passive and open source resources [USAGE]: subdominator [flags] [FLAGS]: [INPUT]: -d, --domain : Target domain name for subdomain enumeration. -dL, --domain-list : File containing multiple domains for bulk enumeration. stdin/stdout : Supports input/output redirection. [OUTPUT]: -o, --output : Save results to a file. -oD, --output-directory : Directory to save results (useful when -dL is specified). -json, --json : Output results in JSON format. [MODE]: -shell, --shell : Enable interactive shell mode to work with subdominator Database,generate report and etc. [OPTIMIZATION]: -t, --timeout : Set timeout value for API requests (default: 30s). -fw, --filter-wildcards : Filter out wildcard subdomains. [CONFIGURATION]: -cp, --config-path : Custom config file path for API keys (default: /home/sanjai/.config/Subdominator/provider-config.yaml). -cdp, --config-db-path : Custom database config path (default: /home/sanjai/.cache/SubdominatorDB/subdominator.db). -nt, --notify : Send notifications for found subdomains via Slack, Pushbullet. -px, --proxy : Use an HTTP proxy for debugging requests. -dork, --dork : Use a custom google dork for google resource (ex: -ir google --dork 'site:target.com -www -dev intext:secrets') [RESOURCE CONFIGURATION]: -ir, --include-resources : Specify sources to include (comma-separated). -er, --exclude-resources : Specify sources to exclude (comma-separated). -all, --all : Use all available sources for enumeration. [UPDATE]: -up, --update : Update Subdominator to the latest version (manual YAML update required). -duc, --disable-update-check : Disable automatic update checks. -sup, --show-updates : Show the latest update details. [DEBUGGING]: -h, --help : Show this help message and exit. -v, --version : Show the current version and check for updates. -s, --silent : Show only subdomains in output. -ski, --show-key-info : Show API key errors (e.g., out of credits). -sti, --show-timeout-info : Show timeout errors for sources. -nc, --no-color : Disable colorized output. -ls, --list-source : List available subdomain enumeration sources. -V, --verbose : Enable verbose output. ``` ### Subdominator Integrations: --- **The following API services used by subdominator**: - **AbuseIPDB** → [abuseipdb.com](https://abuseipdb.com) - **AlienVault** → [otx.alienvault.com](https://otx.alienvault.com) - **Anubis** → [jldc.me/anubis](https://jldc.me/anubis) - **ARP Syndicate** → [arpsyndicate.io](https://www.arpsyndicate.io/pricing.html) - **BeVigil** → [bevigil.com](https://bevigil.com/login) - **BinaryEdge** → [binaryedge.io](https://binaryedge.io) - **BufferOver** → [tls.bufferover.run](https://tls.bufferover.run/) - **BuiltWith** → [api.builtwith.com](https://api.builtwith.com/domain-api) - **C99** → [subdomainfinder.c99.nl](https://subdomainfinder.c99.nl/) - **Censys** → [censys.com](https://censys.com/) - **CertSpotter** → [sslmate.com/certspotter](https://sslmate.com/certspotter/) - **Chaos** → [chaos.projectdiscovery.io](https://chaos.projectdiscovery.io/) - **CodeRog** → [rapidapi.com/coderog](https://rapidapi.com/coderog-coderog-default/api/subdomain-finder5/pricing) - **CommonCrawl** → [index.commoncrawl.org](https://index.commoncrawl.org/) - **crt.sh** → [crt.sh](https://crt.sh) - **Cyfare** → [cyfare.net](https://cyfare.net) - **Digitorus** → [digitorus.com](https://www.digitorus.com/) - **DigitalYama** → [digitalyama.com](https://digitalyama.com/) - **DNSDumpster** → [dnsdumpster.com](https://dnsdumpster.com/) - **DNSRepo** → [dnsarchive.net](https://dnsarchive.net/) - **Fofa** → [en.fofa.info](https://en.fofa.info/) - **Facebook** → [developers.facebook.com](https://developers.facebook.com/) - **FullHunt** → [fullhunt.io](https://fullhunt.io/) - **Google** → [programmablesearchengine.google.com](https://programmablesearchengine.google.com/controlpanel/create) - **HackerTarget** → [hackertarget.com](https://hackertarget.com/) - **HudsonRock** → [cavalier.hudsonrock.com](https://cavalier.hudsonrock.com) - **HunterMap** → [hunter.how](https://hunter.how/) - **IntelX** → [intelx.io](https://intelx.io/) - **LeakIX** → [leakix.net](https://leakix.net/) - **MerkleMap** → [merklemap.com](https://www.merklemap.com) - **MySSL** → [myssl.com](https://myssl.com) - **Netlas** → [netlas.io](https://netlas.io/) - **Odin** → [odin.io](https://odin.io/) - **Quake** → [quake.360.cn](https://quake.360.cn/) - **Racent** → [face.racent.com](https://face.racent.com) - **RapidAPI** → [rapidapi.com/hub](https://rapidapi.com/hub) - **RapidDNS** → [rapiddns.io](https://rapiddns.io/) - **RedHuntLabs** → [devportal.redhuntlabs.com](https://devportal.redhuntlabs.com/) - **RSECloud** → [rsecloud.com/search](https://rsecloud.com/search) - **SecurityTrails** → [securitytrails.com](http://securitytrails.com/) - **Shodan** → [shodan.io](https://shodan.io) - **ShodanX** → [github.com/RevoltSecurities/Shodanx](https://github.com/RevoltSecurities/Shodanx) - **ShrewdEye** → [shrewdeye.app](https://shrewdeye.app/api) - **SiteDossier** → [sitedossier.com](https://sitedossier.com/) - **ThreatCrowd** → [ci-www.threatcrowd.org](http://ci-www.threatcrowd.org/) - **Trickest** → [trickest.io](https://trickest.io/) - **URLScan** → [urlscan.io](https://urlscan.io/) - **VirusTotal** → [virustotal.com](https://virustotal.com/) - **WaybackArchive** → [archive.org/wayback](https://archive.org/wayback) - **WhoisXML** → [whoisxmlapi.com](https://whoisxmlapi.com) - **ZoomEyeAPI** → [www.zoomeye.hk](https://www.zoomeye.hk/) ### Installation: --- Ensure you have **Python 3.12 or later** installed before proceeding with the installation. You can verify your Python version using: ```bash python3 --version ``` #### ✅ **Install Subdominator from PyPI** (Recommended) The easiest way to install Subdominator is via PyPI: ```bash pip install --upgrade subdominator ``` #### ✅ **Install the Latest Version from GitHub** To install the latest development version directly from GitHub: ```bash pip install --upgrade git+https://github.com/RevoltSecurities/Subdominator ``` #### ✅ **Install Using PIPX** (For Isolated Environments) To avoid dependency conflicts, you can install Subdominator using `pipx`: ```bash pipx install subdominator ``` To install the latest version from GitHub with `pipx`: ```bash pipx install git+https://github.com/RevoltSecurities/Subdominator ``` #### ✅ **Install from Git Source** (For Development) For users who want to contribute or modify the tool, clone and install directly from source: ```bash git clone https://github.com/RevoltSecurities/Subdominator.git cd Subdominator pip install --upgrade pip pip install -r requirements.txt ``` After installation, you can verify if Subdominator is installed correctly by running: ```bash subdominator --help ``` ### **SubDominator Documentation** For complete **post-installation configuration**, **shell interface tutorials**, and **detailed usage instructions**, please refer to the official SubDominator documentation: 🔗 **[SubDominator Docs](https://subdominator-docs.streamlit.app/)** ### **What You’ll Find in the Documentation:** ✅ **Post Installation Setup** – Configure dependencies, API keys, and environment variables. ✅ **Shell Interface Tutorial** – Learn how to use `subdominator -shell` for managing subdomains interactively. ✅ **Enumeration Techniques** – Understand how to efficiently discover subdomains. ✅ **Exporting & Reporting** – Generate reports in TXT, JSON, HTML, or PDF formats. ✅ **Advanced Features & Flags** – Explore additional functionalities to enhance subdomain enumeration. For the best experience, ensure you follow the latest updates in the documentation! 🚀 ### Security: --- Subdominator is a promising tool that will never cause any threats to users or security researcher and its safe to use. Even without Users permissions subdominator will not update itself and I welcome everyone who are intrested contribute for Subdominator can create their issues and report it. ### License: --- Subdominator is built by [RevoltSecurities](https://github.com/RevoltSecurities) Team with ❤️ and your support will encourage us to improve the `subdominator` more and Community contributors are Welcome to contribute for subdominator and If you love the `subdominator` support it by giving a ⭐ . ", Assign "at most 3 tags" to the expected json: {"id":"9970","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"