Subscraper – Subdomain Enumeration Tool

SubScraper uses DNS brute force, Google & Bing scraping, and DNSdumpster to enumerate subdomains of a given host. the tool performs HTTP(S) requests and DNS “A” record lookups during the enumeration process to validate discovered subdomains. This provides further information to help prioritize targets and aid in potential next steps. Post-Enumeration, “CNAME” lookups are displayed to identify subdomain takeover opportunities.

Subscraper - subdomain enumeration tool
Subscraper – subdomain enumeration tool

Users also have the option of adding their API Key & Secret in the command line arguments. This will allow subdomain enumeration using the SSL Cert database.

There are the following supported options:

  • -s Only use internet to find subdomains
  • -b Only use DNS brute forcing to find subdomains
  • -csv Create CSV output file
  • -t MAX_THREADS Max threads (Default: 10)
  • -T TIMEOUT Timeout [seconds] for search threads (Default: 25)
  • -w SUBLIST Custom subdomain wordlist
  • –censys-api Add CensysIO API Key
  • –censys-secret Add CensysIO Secret

To have the best result user should generate required API keys and add them to integrate with more online third parties.

You can read more and download the tool over here:

Notify of
Inline Feedbacks
View all comments