Finddomain is a tool that use Certificates Transparency logs to find subdomains.

How it works?

It tool doesn’t use the common methods for sub(domains) discover, the tool uses Certificate Transparency logs to find subdomains and it method make it tool very faster and reliable. If you want to know more about Certificate Transparency logs, read this

Also Read – How To Save Time With Automated Transcription Software

Installation

If you want to install it, you can do that manually compiling the source or using the precompiled binary.

Manually: You need to have Rust installed in your computer first.

$ git clone https://github.com/Edu4rdSHL/findomain.git
$ cd findomain
$ cargo build –release
$ sudo cp target/release/findomain /usr/bin/
$ findomain

Using the binary:

$ git clone https://github.com/Edu4rdSHL/findomain.git
$ sudo cp findomain/bin/findomain /usr/bin
$ findomain

If you are using the BlackArch Linux distribution, you just need to use:

$ sudo pacman -S findomain

Usage

You can use the tool in two ways, only discovering the domain name or discovering the domain + the IP address.

USAGE:
findomain [FLAGS] [OPTIONS]

FLAGS:
-h, –help Prints help information
-i, –get-ip Return the subdomain list with IP address if resolved.
-V, –version Prints version information
OPTIONS:
-f, –file Sets the input file to use.
-t, –target Target host

Demo