The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more

The complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, multiple API Keys for sources and much more.

Chat with us

The next table offers you the comparison about what is in Plus version that is not in free version (current repo).

What Findomain can do?

It table gives you a idea why you should use findomain and what it can do for you. The domain used for the test was aol.com in the following BlackArch virtual machine:Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1) Kernel: 5.2.6-arch1-1-ARCH CPU: Intel (Skylake, IBRS) (4) @ 2.904GHz Memory: 139MiB / 3943MiB

The tool used to calculate the time, is the time command in Linux.Enumeration ToolSearch TimeTotal Subdomains FoundCPU UsageRAM UsageFindomainreal 0m5.515s84110Very LowVery Low

Summary: 84110 subdomains in 5.5 seconds.

Features

• Subdomains monitoring: put data to Discord, Slack or Telegram webhooks. See Subdomains Monitoring for more information.
• Multi-thread support for API querying, it makes that the maximun time that Findomain will take to search subdomains for any target is 15 seconds (in case of API’s timeout).
• Parallel support for subdomains resolution, in good network conditions can resolv about 3.5k of subdomains per minute.
• DNS over TLS support.
• Specific IPv4 or IPv6 query support.
• Discover subdomains without brute-force, it tool uses Certificate Transparency Logs and APIs.
• Discover only resolved subdomains.
• Discover subdomains IP for data analysis.
• Read target from user argument (-t) or file (-f).
• Write to one unique output file specified by the user all or only resolved subdomains.
• Write results to automatically named TXT output file(s).
• Hability to query directly the Findomain database created with Subdomains Monitoring for previous discovered subdomains.
• Hability to import and work data discovered by other tools.
• Quiet mode to run it silently.
• Cross platform support: Any platform, it’s written in Rust and Rust is multiplatform. See the documentation for instructions.
• Multiple API support.
• Possibility to use as subdomain resolver.
• Subdomain wildcard detection for accurate results.
• Support for subdomain discover using bruteforce method.
• Support for configuration file in TOML, JSON, HJSON, INI or YAML format.
• Custom DNS IP addresses for fast subdomains resolving (more than 60 per second by default, adjustable using the --threads option.

Findomain in depth

See Subdomains Enumeration: what is, how to do it, monitoring automation using webhooks and centralizing your findings for a detailed guide including real world examples of how you get the most out of the tool.

How it works?

It tool doesn’t use the common methods for sub(domains) discover, the tool uses Certificate Transparency logs and specific well tested APIs to find subdomains. It method make it tool the most faster and reliable. The tool make use of multiple public available APIs to perform the search. If you want to know more about Certificate Transparency logs, read https://www.certificate-transparency.org/

APIs that we are using at the moment:

• Certspotter
• Crt.sh Database (favorite) or Crt.sh HTTP API
• Virustotal
• Sublist3r
• Facebook **
• Spyse (CertDB) *
• Bufferover
• Threatcrowd
• Virustotal with apikey **
• AnubisDB
• Urlscan.io
• SecurityTrails **
• Threatminer
• C99 **
• Archive.org
• CTSearch

Notes

APIs marked with **, require an access token to work. Search in the Findomain documentation how to configure and use it.

APIs marked with * can optionally be used with an access token, create one if you start experiencing problems with that APIs. Search in the Findomain documentation how to configure and use it.

More APIs?

If you know other APIs that should be added, comment here.

Installation

We offer binarys ready to use for the following platforms (all are for 64 bits only):

• Linux
• Windows
• MacOS
• Aarch64 (Raspberry Pi)
• NixOS
• Docker

If you need to run Findomain in another platform, continue reading the documentation.

Issues and requests

If you have a problem or a feature request, open an issue.

Stargazers over time

Contributors

Code Contributors

This project exists thanks to all the people who contribute. See the contributors list.

Releases 92

Findomain v8.2.2Lateston Feb 2

+ 91 releases