SubCat a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed.
SubCat is built for doing one thing only – passive subdomain enumeration, and it does that very well.
We have designed SubCat to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
# Linux, Windows, MacOS
pip3 install -r requirements.txtAPI Key is needed before querying on third-party sites, such as Shodan, SecurityTrails, Virustotal, and BinaryEdge.
config.yaml.An example provider config file
binaryedge:
- 0bf8919b-aab9-42e4-9574-d3b639324597
- ac244e2f-b635-4581-878a-33f4e79a2c13
virustotal:
- AAAAClP1bJJSRMEAAAAClP1bJJSRMEYJazgwhJKrggRwKAYJazgwhJKrggRwKA
securitytrails: []
shodan:
- AAAAClP1bJJSRMEYJazgwhJKrggRwKA
python3 subcat.py -hThis will display help for the tool. Here are all the switches it supports.
Flags:
INPUT:
-d --domain string domains to find subdomains for
-l DOMAINLIST file containing list of domains for subdomain discovery
--scope SCOPE show only subdomains in scope
OUTPUT:
-sc, --status-code show response status code
-ip, --ip resolve IP address
-title, --title show page title
-silent, --silent show only subdomains in output
-o OUTPUT, --output OUTPUT
file to write output to
CONFIG:
-t THREADS, --threads THREADS
number of concurrent threads for resolving (default 40)
DEBUG:
-v show verbose output
-h, --help show this help message and exitcat domains | python3 subcat.pyecho hackerone.com | python3 subcat.py -silent | httpx -silent
http://hackerone.com
http://www.hackerone.com
http://docs.hackerone.com
http://api.hackerone.com
https://docs.hackerone.com
http://mta-sts.managed.hackerone.compython3 subcat.py -d hackerone.com
; ;
ρββΚ ;ββΝ
έΆχββββββββββββββββββΒ
;ΣΆχΜ΅΅ΫΝββββββββ Ϋ΅΅ΫβββΝ
όΆΆχβ Ά ββββ΅ Ά΅ βββββ
χΆΆΆφβΒ; Ϋ΅;έββββΒ; Ϋ΅ ρββββββ
ΆΆΆΆδβββββββββ;χββββββμβββββββ
ΪχχχχΧβββββββββββββββββββθθθθΚ
·ϊβθβζ Ϊθθβββββββββββββββμ ;όβΫ΅
·΅ ΅ΫΫΫΆΆθβββββββββθθΫ΅ ΅Ϋ΅
;ΣΆθββββΒΝρρρμ
;ΣΆΆβββββββββββμ
▄∞∞∞∞∞▄, ╒∞∞▄ ∞∞▄ ▄∞∞∞∞∞∞▄ ,▄∞∞∞∞▄ ▄∞∞4▄ ╒∞∞∞∞∞∞∞▄,
▐▄ ═▄▄▄ ▐█▐ ,▀ j' █▌█ ▄▄▄ ▀█▌█▀ ╓▄▄ ▀▄ ¡█ , ▐█ ▐▄▄▄ ▄▄██
▐▄ `'""▀██▐ █▌ j █▌█ `"" ▄█▌█ ▐█▀`▀▄██' M $██ █, `█ ▐█```
j▀▀███▌ ▐█▐ ▀▌▄█ ▀▀█ ▐███ █▌▄ ▀█▄▄▀ ▐█M▀. ▀█▄.▀ J▀
╚▄,,¬¬⌐▄█▌ ▀▄,,, ▄██ █,,,,,▓██▌ ▀▄,,,,▄█╩j▌,██▀▀▀▀▌,█▌`█,▐█
▀▀▀▀▀▀▀ ▀▀▀▀▀▀ ""▀▀▀▀▀▀ ▀▀▀""` ▀▀▀ ▀▀▀ ▀▀▀
΅qΆΆΆΆβββββββββββββββββββββΡ΅
ΫθΆΆΆββββββββββββββββΡ΅
΅ΫΫΫΫΝNNΝΫΫΫΐ΅΅
v{1.1.1#dev}@duty1g
[13:05:51] [INFO]: binaryedge.io 13 asset
[13:05:52] [INFO]: virustotal 18 asset
[13:05:53] [INFO]: urlscan.io 98 asset
[13:05:54] [INFO]: alienvault.com 59 asset
[13:06:28] [INFO]: wayback 193046 asset
[13:06:29] [INFO]: hackertarget.com 4 asset
[13:06:31] [INFO]: crt.sh 268 asset
[13:06:32] [INFO]: certspotter.com 12 asset
[13:06:33] [INFO]: bufferover.run 11 asset
[13:06:33] [INFO]: threatcrowd.org 4 asset
[13:06:33] [INFO]: Found 21 for hackerone.com
mta-sts.managed.hackerone.com
mta-sts.hackerone.com
mta-sts.forwarding.hackerone.com
a.ns.hackerone.com
b.ns.hackerone.com
docs.hackerone.com
go.hackerone.com
info.hackerone.com
links.hackerone.com
support.hackerone.com
api.hackerone.com
www.hackerone.com
hackerone.com
zendesk1.hackerone.com
zendesk3.hackerone.com
gslink.hackerone.com
zendesk4.hackerone.com
resources.hackerone.com
events.hackerone.com
zendesk2.hackerone.com
3d.hackerone.com
Learning Without Walls Remote education has long been a lifeline for students in rural areas…
Have you ever come across a picture on the internet and wondered where it came…
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…