Skip to content

itszeeshan/subdomainx

Repository files navigation

SubdomainX Logo

SubdomainX

Advanced Subdomain Discovery & Security Reconnaissance Tool

Go Version License Go Report Card Go Reference GitHub release GitHub stars GitHub forks GitHub issues GitHub pull requests CI/CD Code Coverage

SubdomainX combines 12+ enumeration tools and 6+ API services into a single CLI. Run one command and get results from subfinder, amass, crt.sh, SecurityTrails, VirusTotal, and more — deduplicated and ready to use.

Install

go install github.com/itszeeshan/subdomainx/v2@latest

Or download a pre-built binary from the releases page.

Usage

# Enumerate subdomains with subfinder + HTTP probing
subdomainx --subfinder --httpx example.com

# Multiple tools + API sources
subdomainx --subfinder --amass --crtsh --securitytrails --virustotal example.com

# Multiple domains from a file
subdomainx --wildcard domains.txt --format html

# Export to security tools
subdomainx --subfinder --httpx --format burp example.com   # Also: zap, nessus, csv

Flags go before the domain: subdomainx --subfinder example.com

Features

Enumeration — subfinder, amass, findomain, assetfinder, sublist3r, knockpy, dnsrecon, fierce, massdns, altdns, waybackurls, linkheader

API Sources — SecurityTrails, VirusTotal, Censys, crt.sh, URLScan.io, HackerTarget

Scanning — HTTP probing via httpx, port scanning via smap

Screenshots — Capture screenshots of discovered subdomains with --screenshot

Tech Fingerprinting — Detect technologies running on subdomains with --tech

Takeover Detection — Check for subdomain takeover vulnerabilities with --takeover

Diff/Monitoring — Compare scans over time with --diff to track changes

Notifications — Get alerts via Slack, Discord, Telegram, or Email with --notify

Interactive TUI — Real-time dashboard with --tui

REST API Server — Run as an API server with subdomainx serve

Reports — HTML, JSON, TXT, CSV, plus Burp Suite, Nessus, and OWASP ZAP formats

Checkpointing — Resume interrupted scans with --resume

SubdomainX HTML Dashboard

Interactive HTML report

SubdomainX TUI Dashboard

Interactive TUI Dashboard

Documentation

subdomainx.vercel.app

Contributing

We welcome contributions! Here's how you can help:

  1. Report Bugs: Create an issue
  2. Suggest Features: Start a discussion
  3. Submit PRs: Fork the repo and submit pull requests
  4. Improve Docs: Help us make the documentation better
  5. Star the Repo: Show your support!

Development Setup

git clone https://github.com/itszeeshan/subdomainx.git
cd subdomainx
go mod download && go build -o subdomainx .

License

MIT — see LICENSE.

SubdomainX is designed for authorized security testing and research purposes only.

  • Always ensure you have proper authorization before scanning any domain
  • Respect rate limits and terms of service of target systems
  • Use responsibly and ethically
  • The authors are not responsible for any misuse of this tool

Acknowledgments

  • All the amazing open-source tools that make SubdomainX possible
  • The security community for continuous feedback and improvements
  • Contributors and users who help make this tool better

Happy Hunting! 🎯

Made with ❤️ by Zeeshan

About

all-in-one subdomain enumeration and reconnaissance tool designed for modern cybersecurity professionals, penetration testers, and security researchers.

Topics

Resources

License

Stars

21 stars

Watchers

1 watching

Forks

Packages

 
 
 

Contributors