Subfinder
Fast passive subdomain enumeration tool
Recon & OSINT, 10 commands
#recon #subdomains #passive #osint

Installation
1. Install Go 1.21+ on your system
2. Run the installation command
3. Verify installation

# Using Go
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
# Using Docker
docker pull projectdiscovery/subfinder:latest
# Verify
subfinder -version

Basic Usage
Subfinder is designed for passive subdomain discovery using various sources.

# Basic scan
subfinder -d example.com
# With output file
subfinder -d example.com -o subdomains.txt
# Multiple domains
subfinder -dL domains.txt -o results.txt
# Silent mode with only results
subfinder -d example.com -silent

Command Reference
10 commands

 1. -d          Target domain to enumerate
 2. -dL         File containing list of domains
 3. -o          Output file path
 4. -oJ         Output in JSON format
 5. -silent     Show only results
 6. -sources    Specific sources to use
 7. -recursive  Enable recursive enumeration
 8. -all        Use all sources (slow)
 9. -config     Config file path
10. -t          Number of threads

When to Use
1. Initial reconnaissance phase
2. Expanding attack surface
3. Before active scanning
4. Bug bounty recon automation
5. Asset discovery

Notes & Tips
1. Configure API keys in ~/.config/subfinder/provider-config.yaml for better results
2. Free sources have rate limits
3. Combine with other tools like httpx for live host detection
4. Use -all flag sparingly as it's slow but thorough

Common Errors & Solutions
No results found
    Add API keys for sources like SecurityTrails, Shodan, Censys

Rate limit exceeded
    Use -rl flag to set rate limit or wait before retrying

Config file not found
    Run subfinder once to generate default config at ~/.config/subfinder/
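
For the asset discovery use case listed above, this added example (not part of the original page or of the subfinder project) compares a result file written with -o against an inventory of hosts you already track and prints only the names that are new. The function names, file names and sample hosts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: diff a subfinder -o result file against a known-asset inventory.

# normalize APEX < hostnames
# Lowercases, strips CR / surrounding blanks / trailing dot / leading "*.",
# keeps only names that are the apex or end in ".APEX", then sorts uniquely.
normalize() {
  apex_n="$1"
  tr 'A-Z' 'a-z' | tr -d '\r' \
    | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' -e 's/^\*\.//' \
    | awk -v apex="$apex_n" '
        $0 == apex { print; next }
        length($0) > length(apex) + 1 &&
        substr($0, length($0) - length(apex)) == "." apex { print }' \
    | LC_ALL=C sort -u
}

# new_subdomains APEX INVENTORY_FILE RESULTS_FILE
# Prints in-scope hosts present in the results but absent from the inventory.
new_subdomains() {
  known=$(mktemp)
  found=$(mktemp)
  normalize "$1" < "$2" > "$known"
  normalize "$1" < "$3" > "$found"
  LC_ALL=C comm -13 "$known" "$found"
  rm -f "$known" "$found"
}

# demo: runs the comparison on constructed sample data (not real scan output).
demo() {
  dir=$(mktemp -d)
  printf '%s\n' www.example.com mail.example.com > "$dir/inventory.txt"
  # The suffix check drops the look-alike name notexample.com.
  printf '%s\n' WWW.example.com. staging.example.com '*.dev.example.com' \
    notexample.com mail.example.com > "$dir/subdomains.txt"
  new_subdomains example.com "$dir/inventory.txt" "$dir/subdomains.txt"
  rm -rf "$dir"
}

# Run the demo only when asked, e.g.: sh newhosts.sh --demo
if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

In regular use, point the third argument at the file produced by `subfinder -d example.com -o subdomains.txt` and review each printed name before adding it to the inventory.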