SubCat a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed.
SubCat is built for doing one thing only – passive subdomain enumeration, and it does that very well.
We have designed SubCat to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
# Linux, Windows, MacOS
pip3 install -r requirements.txtAPI Key is needed before querying on third-party sites, such as Shodan, SecurityTrails, Virustotal, and BinaryEdge.
config.yaml.An example provider config file
binaryedge:
- 0bf8919b-aab9-42e4-9574-d3b639324597
- ac244e2f-b635-4581-878a-33f4e79a2c13
virustotal:
- AAAAClP1bJJSRMEAAAAClP1bJJSRMEYJazgwhJKrggRwKAYJazgwhJKrggRwKA
securitytrails: []
shodan:
- AAAAClP1bJJSRMEYJazgwhJKrggRwKA
python3 subcat.py -hThis will display help for the tool. Here are all the switches it supports.
Flags:
INPUT:
-d --domain string domains to find subdomains for
-l DOMAINLIST file containing list of domains for subdomain discovery
--scope SCOPE show only subdomains in scope
OUTPUT:
-sc, --status-code show response status code
-ip, --ip resolve IP address
-title, --title show page title
-silent, --silent show only subdomains in output
-o OUTPUT, --output OUTPUT
file to write output to
CONFIG:
-t THREADS, --threads THREADS
number of concurrent threads for resolving (default 40)
DEBUG:
-v show verbose output
-h, --help show this help message and exitcat domains | python3 subcat.pyecho hackerone.com | python3 subcat.py -silent | httpx -silent
http://hackerone.com
http://www.hackerone.com
http://docs.hackerone.com
http://api.hackerone.com
https://docs.hackerone.com
http://mta-sts.managed.hackerone.compython3 subcat.py -d hackerone.com
; ;
ρββΚ ;ββΝ
έΆχββββββββββββββββββΒ
;ΣΆχΜ΅΅ΫΝββββββββ Ϋ΅΅ΫβββΝ
όΆΆχβ Ά ββββ΅ Ά΅ βββββ
χΆΆΆφβΒ; Ϋ΅;έββββΒ; Ϋ΅ ρββββββ
ΆΆΆΆδβββββββββ;χββββββμβββββββ
ΪχχχχΧβββββββββββββββββββθθθθΚ
·ϊβθβζ Ϊθθβββββββββββββββμ ;όβΫ΅
·΅ ΅ΫΫΫΆΆθβββββββββθθΫ΅ ΅Ϋ΅
;ΣΆθββββΒΝρρρμ
;ΣΆΆβββββββββββμ
▄∞∞∞∞∞▄, ╒∞∞▄ ∞∞▄ ▄∞∞∞∞∞∞▄ ,▄∞∞∞∞▄ ▄∞∞4▄ ╒∞∞∞∞∞∞∞▄,
▐▄ ═▄▄▄ ▐█▐ ,▀ j' █▌█ ▄▄▄ ▀█▌█▀ ╓▄▄ ▀▄ ¡█ , ▐█ ▐▄▄▄ ▄▄██
▐▄ `'""▀██▐ █▌ j █▌█ `"" ▄█▌█ ▐█▀`▀▄██' M $██ █, `█ ▐█```
j▀▀███▌ ▐█▐ ▀▌▄█ ▀▀█ ▐███ █▌▄ ▀█▄▄▀ ▐█M▀. ▀█▄.▀ J▀
╚▄,,¬¬⌐▄█▌ ▀▄,,, ▄██ █,,,,,▓██▌ ▀▄,,,,▄█╩j▌,██▀▀▀▀▌,█▌`█,▐█
▀▀▀▀▀▀▀ ▀▀▀▀▀▀ ""▀▀▀▀▀▀ ▀▀▀""` ▀▀▀ ▀▀▀ ▀▀▀
΅qΆΆΆΆβββββββββββββββββββββΡ΅
ΫθΆΆΆββββββββββββββββΡ΅
΅ΫΫΫΫΝNNΝΫΫΫΐ΅΅
v{1.1.1#dev}@duty1g
[13:05:51] [INFO]: binaryedge.io 13 asset
[13:05:52] [INFO]: virustotal 18 asset
[13:05:53] [INFO]: urlscan.io 98 asset
[13:05:54] [INFO]: alienvault.com 59 asset
[13:06:28] [INFO]: wayback 193046 asset
[13:06:29] [INFO]: hackertarget.com 4 asset
[13:06:31] [INFO]: crt.sh 268 asset
[13:06:32] [INFO]: certspotter.com 12 asset
[13:06:33] [INFO]: bufferover.run 11 asset
[13:06:33] [INFO]: threatcrowd.org 4 asset
[13:06:33] [INFO]: Found 21 for hackerone.com
mta-sts.managed.hackerone.com
mta-sts.hackerone.com
mta-sts.forwarding.hackerone.com
a.ns.hackerone.com
b.ns.hackerone.com
docs.hackerone.com
go.hackerone.com
info.hackerone.com
links.hackerone.com
support.hackerone.com
api.hackerone.com
www.hackerone.com
hackerone.com
zendesk1.hackerone.com
zendesk3.hackerone.com
gslink.hackerone.com
zendesk4.hackerone.com
resources.hackerone.com
events.hackerone.com
zendesk2.hackerone.com
3d.hackerone.com
Artificial Intelligence (AI) is changing how industries operate, automating processes, and driving new innovations. However,…
Image credit:pexels.com If you think back to the early days of personal computing, you probably…
In an era defined by technological innovation, the way people handle and understand money has…
The online world becomes more visually driven with every passing year. Images spread across websites,…
General Working of a Web Application Firewall (WAF) A Web Application Firewall (WAF) acts as…
How to Send POST Requests Using curl in Linux If you work with APIs, servers,…