Subdomain Enumeration Tool

A clean and simple Python tool for discovering subdomains through brute force enumeration. Perfect for cybersecurity professionals, penetration testers, and bug bounty hunters.

Features

🔍 Subdomain Discovery

• Brute Force Enumeration: Tests 900+ common subdomain names
• Multi-threaded Processing: Configurable thread count for speed
• HTTP Status Detection: Identifies active subdomains with status codes
• IP Resolution: Automatically resolves IP addresses
• Custom Wordlists: Support for custom wordlist files

📊 Output Features

• Real-time Results: Live display of found subdomains
• Summary Report: Complete enumeration summary
• File Export: Save results to text file
• Status Codes: HTTP response codes for each subdomain

Installation

Prerequisites

• Python 3.7+
• Internet connection
• Target domain authorization

Dependencies

# Install required packages
pip install requests

# Or on Kali Linux
sudo apt install python3-requests

Setup

# Download the tool
git clone https://github.com/Sergios9494/subdomain-enum-tool.git
cd subdomain-enum-tool

# Make executable
chmod +x subdomain_enum.py

Usage

Basic Usage

# Simple enumeration
python3 subdomain_enum.py example.com

# With custom thread count
python3 subdomain_enum.py example.com -t 20

# With custom output file
python3 subdomain_enum.py example.com -o results.txt

Advanced Usage

# Use custom wordlist
python3 subdomain_enum.py example.com -w custom_wordlist.txt

# High-speed enumeration
python3 subdomain_enum.py example.com -t 50 -o fast_results.txt

Command Line Options

positional arguments:
  domain                Target domain to enumerate

options:
  -h, --help            show this help message and exit
  -w, --wordlist WORDLIST
                        Custom wordlist file
  -t, --threads THREADS
                        Number of threads (default: 10)
  -o, --output OUTPUT   Output file name

Examples

Example 1: Basic Enumeration

python3 subdomain_enum.py google.com

Output:

[+] Starting subdomain enumeration for google.com
[+] Using 936 words with 10 threads
--------------------------------------------------
[+] Found: www.google.com -> 142.250.74.68 [200]
[+] Found: mail.google.com -> 172.217.21.165 [301]
[+] Found: admin.google.com -> 142.250.74.142 [302]
[+] Found: blog.google.com -> 142.250.74.137 [301]
...

==================================================
SUMMARY for google.com
==================================================
Total subdomains found: 71
[+] Results saved to subdomains_google.com.txt

Example 2: Custom Wordlist

python3 subdomain_enum.py target.com -w my_wordlist.txt -t 15

Example 3: High-Speed Enumeration

python3 subdomain_enum.py example.com -t 50 -o quick_scan.txt

Wordlist

The tool includes a comprehensive built-in wordlist with 900+ common subdomains:

• Common prefixes: www, mail, ftp, admin, api, app
• Service names: smtp, pop, imap, dns, ldap
• Environment: dev, test, staging, prod, beta
• Functions: download, upload, backup, support, help
• Technology: cloud, api, cdn, static, media
• And many more...

Output Files

The tool automatically generates:

• subdomains_[domain].txt - Complete results file
• Console output with real-time findings
• Summary statistics

Output Format

Subdomain Enumeration Results for example.com
==================================================

www.example.com -> 192.168.1.1 [200]
mail.example.com -> 192.168.1.2 [301]
admin.example.com -> 192.168.1.3 [302]
api.example.com -> 192.168.1.4 [404]

Performance Tips

1. Thread Count:

   • Default: 10 threads
   • Fast networks: 20-50 threads
   • Slow networks: 5-10 threads

2. Wordlist Size:

   • Built-in: 900+ words
   • Custom: Any size
   • Large wordlists: Use more threads

3. Network Considerations:

   • Respect rate limits
   • Monitor for blocking
   • Use appropriate delays

Security Considerations

⚠️ Important: This tool is designed for:

• Authorized penetration testing
• Bug bounty hunting (with proper authorization)
• Security research on your own infrastructure
• Educational purposes

Legal Notice

• Always obtain proper authorization before testing
• Respect robots.txt and rate limiting
• Use responsibly and ethically
• The author is not responsible for misuse

Troubleshooting

Common Issues

No Results Found

• Check if domain exists
• Verify network connectivity
• Try with fewer threads
• Check for rate limiting

Permission Denied

chmod +x subdomain_enum.py

Module Not Found

pip install requests
# or
sudo apt install python3-requests

Slow Performance

• Reduce thread count
• Check network speed
• Use smaller wordlist

Customization

Adding Custom Words

Create a text file with one subdomain per line:

custom1
custom2
api-v2
mobile-app

Modifying Built-in Wordlist

Edit the self.wordlist array in the script to add/remove words.

Contributing

Contributions are welcome! Please feel free to submit:

• Bug reports
• Feature requests
• Code improvements
• Documentation updates

License

This project is licensed under the MIT License.

Author

Sergios9494 - Cybersecurity Professional

• GitHub: @Sergios9494

Acknowledgments

• Inspired by Udemy Python Hacking course
• Built for the cybersecurity community
• Designed for educational and professional use

---

Happy Subdomain Hunting! 🎯