Subdomain3 – Tool for Discovering Subdomains

Subdomain3 is a new generation of tool , It helps penetration testers to discover more information in a shorter time than other tools.The information includes subdomains, IP, CDN, and so on.

Many large organizations open tens of subdomains associating DNS records with foreign domains for official purposes. This is according to the business requirement while sometime sysadmins forget about them. After a period of time registered third-party domains expires which allow any attacker to use them for several attack vectors.

Subdomain3 - Tool for Discovering Subdomains
Subdomain3 – Tool for Discovering Subdomains

This tool include the following features:

  • More quick – Three patterns for speed. User can modify the configuration ( lib / file to speed-up.
  • CDN support – Determines whether the subdomain uses CDN storage automatically,even though the dict of CDN severs not contain the cname suffix.
  • RFC CIDR – Sorting ip and report CIDR (example that it not use CDN storage;
  • Multi-level subdomain support – Discover more subdomains,example:
  • Big dict support – Million of subs support
  • Less resource consumption – 1 CPU / 1 GB Memory / 1 Mbps bandwidth
  • More intelligent – Discover the fastest nameserver;The strategy of dynamically adjusting of dict by importing subdomains from other sources;Prevent dns cache pollution;

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments