SubCat a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed.
SubCat is built for doing one thing only – passive subdomain enumeration, and it does that very well.
We have designed SubCat to comply with all passive sources licenses, and usage restrictions, as well as maintained a consistently passive model to make it useful to both penetration testers and bug bounty hunters alike.
# Linux, Windows, MacOS
pip3 install -r requirements.txtAPI Key is needed before querying on third-party sites, such as Shodan, SecurityTrails, Virustotal, and BinaryEdge.
config.yaml.An example provider config file
binaryedge:
- 0bf8919b-aab9-42e4-9574-d3b639324597
- ac244e2f-b635-4581-878a-33f4e79a2c13
virustotal:
- AAAAClP1bJJSRMEAAAAClP1bJJSRMEYJazgwhJKrggRwKAYJazgwhJKrggRwKA
securitytrails: []
shodan:
- AAAAClP1bJJSRMEYJazgwhJKrggRwKA
python3 subcat.py -hThis will display help for the tool. Here are all the switches it supports.
Flags:
INPUT:
-d --domain string domains to find subdomains for
-l DOMAINLIST file containing list of domains for subdomain discovery
--scope SCOPE show only subdomains in scope
OUTPUT:
-sc, --status-code show response status code
-ip, --ip resolve IP address
-title, --title show page title
-silent, --silent show only subdomains in output
-o OUTPUT, --output OUTPUT
file to write output to
CONFIG:
-t THREADS, --threads THREADS
number of concurrent threads for resolving (default 40)
DEBUG:
-v show verbose output
-h, --help show this help message and exitcat domains | python3 subcat.pyecho hackerone.com | python3 subcat.py -silent | httpx -silent
http://hackerone.com
http://www.hackerone.com
http://docs.hackerone.com
http://api.hackerone.com
https://docs.hackerone.com
http://mta-sts.managed.hackerone.compython3 subcat.py -d hackerone.com
; ;
ρββΚ ;ββΝ
έΆχββββββββββββββββββΒ
;ΣΆχΜ΅΅ΫΝββββββββ Ϋ΅΅ΫβββΝ
όΆΆχβ Ά ββββ΅ Ά΅ βββββ
χΆΆΆφβΒ; Ϋ΅;έββββΒ; Ϋ΅ ρββββββ
ΆΆΆΆδβββββββββ;χββββββμβββββββ
ΪχχχχΧβββββββββββββββββββθθθθΚ
·ϊβθβζ Ϊθθβββββββββββββββμ ;όβΫ΅
·΅ ΅ΫΫΫΆΆθβββββββββθθΫ΅ ΅Ϋ΅
;ΣΆθββββΒΝρρρμ
;ΣΆΆβββββββββββμ
▄∞∞∞∞∞▄, ╒∞∞▄ ∞∞▄ ▄∞∞∞∞∞∞▄ ,▄∞∞∞∞▄ ▄∞∞4▄ ╒∞∞∞∞∞∞∞▄,
▐▄ ═▄▄▄ ▐█▐ ,▀ j' █▌█ ▄▄▄ ▀█▌█▀ ╓▄▄ ▀▄ ¡█ , ▐█ ▐▄▄▄ ▄▄██
▐▄ `'""▀██▐ █▌ j █▌█ `"" ▄█▌█ ▐█▀`▀▄██' M $██ █, `█ ▐█```
j▀▀███▌ ▐█▐ ▀▌▄█ ▀▀█ ▐███ █▌▄ ▀█▄▄▀ ▐█M▀. ▀█▄.▀ J▀
╚▄,,¬¬⌐▄█▌ ▀▄,,, ▄██ █,,,,,▓██▌ ▀▄,,,,▄█╩j▌,██▀▀▀▀▌,█▌`█,▐█
▀▀▀▀▀▀▀ ▀▀▀▀▀▀ ""▀▀▀▀▀▀ ▀▀▀""` ▀▀▀ ▀▀▀ ▀▀▀
΅qΆΆΆΆβββββββββββββββββββββΡ΅
ΫθΆΆΆββββββββββββββββΡ΅
΅ΫΫΫΫΝNNΝΫΫΫΐ΅΅
v{1.1.1#dev}@duty1g
[13:05:51] [INFO]: binaryedge.io 13 asset
[13:05:52] [INFO]: virustotal 18 asset
[13:05:53] [INFO]: urlscan.io 98 asset
[13:05:54] [INFO]: alienvault.com 59 asset
[13:06:28] [INFO]: wayback 193046 asset
[13:06:29] [INFO]: hackertarget.com 4 asset
[13:06:31] [INFO]: crt.sh 268 asset
[13:06:32] [INFO]: certspotter.com 12 asset
[13:06:33] [INFO]: bufferover.run 11 asset
[13:06:33] [INFO]: threatcrowd.org 4 asset
[13:06:33] [INFO]: Found 21 for hackerone.com
mta-sts.managed.hackerone.com
mta-sts.hackerone.com
mta-sts.forwarding.hackerone.com
a.ns.hackerone.com
b.ns.hackerone.com
docs.hackerone.com
go.hackerone.com
info.hackerone.com
links.hackerone.com
support.hackerone.com
api.hackerone.com
www.hackerone.com
hackerone.com
zendesk1.hackerone.com
zendesk3.hackerone.com
gslink.hackerone.com
zendesk4.hackerone.com
resources.hackerone.com
events.hackerone.com
zendesk2.hackerone.com
3d.hackerone.com
Managing software on Linux becomes much easier when you know how to List Installed Packages…
Introduction Variables are one of the most important basics of Bash scripting. A variable is…
Introduction Running a Bash script in Linux is a basic but important skill for anyone…
Introduction Writing your first Bash script in Linux is one of the best ways to…
Docker has become one of the most important tools in modern software development. If you…
The APT Command Linux users rely on is one of the most powerful tools for…