Findomain V0.2.1 - The Fastest and Cross-Platform Subdomain Enumerator


The fastest and cross-platform subdomain enumerator.

Comparison
This comparison gives you an idea of why you should use findomain instead of some other tools. The domain used for the search was microsoft.com in the following BlackArch virtual machine:
Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-3.1) Kernel: 5.2.6-arch1-1-ARCH CPU: Intel (Skylake, IBRS) (4) @ 2.904GHz Memory: 139MiB / 3943MiB
The tool used to calculate the time is the time command in Linux. You can see all the details of the tests in this link.
| Enumeration Tool | Search Time | Total Subdomains Found | CPU Usage | RAM Usage |
|---|---|---|---|---|
| Findomain | real 0m38.701s | 5622 | Very Low | Very Low |
| assetfinder | real 6m1.117s | 4630 | Very Low | Very Low |
| Subl1st3r | real 7m14.996s | 996 | Low | Low |
| Amass* | real 29m20.301s | 332 | Very High | Very High |
  • I can't wait for the amass search to finish; it looks like it will never end, and additionally the resource usage is very high.
Note: The benchmark was made on 10/08/2019; since that point other tools can improve things and you will get different results.

Features
  • Discover subdomains without brute-force; this tool uses Certificate Transparency Logs.
  • Discover subdomains with or without IP address according to user arguments.
  • Read target from user argument (-t).
  • Read a list of targets from file and discover their subdomains with or without IP and also write to output files per-domain if specified by the user, recursively.
  • Write output to TXT file.
  • Write output to CSV file.
  • Write output to JSON file.
  • Cross platform support: Any platform.
  • Optional multiple API support.
  • Proxy support.
Note: the proxy support is just to proxify API requests; the actual implementation to discover the IP addresses of subdomains doesn't support proxying and is made using the host network even if you use the -p option.

How it works?
This tool doesn't use the common methods for (sub)domain discovery; it uses Certificate Transparency logs to find subdomains, and this method makes the tool much faster and more reliable. The tool makes use of multiple publicly available APIs to perform the search. If you want to know more about Certificate Transparency logs, read https://www.certificate-transparency.org/
APIs that we are using at the moment:
If you know of others that should be added, open an issue.
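To illustrate the idea described above (an added example, not Findomain's own code): every certificate recorded in a Certificate Transparency log lists the host names it covers, so the names of a domain can be collected, or audited by its owner, without any brute-force. The sample entries are constructed, the function names are hypothetical, and no API is queried.

```rust
use std::collections::BTreeSet;

/// Normalize one certificate name (CN or SAN dNSName) and return it only if
/// it is the target domain itself or a subdomain of it.
fn normalize(name: &str, target: &str) -> Option<String> {
    let lowered = name.trim().trim_end_matches('.').to_ascii_lowercase();
    // A wildcard entry such as "*.dev.example.com" still reveals "dev.example.com".
    let n = lowered.trim_start_matches("*.");
    let target = target.trim_end_matches('.').to_ascii_lowercase();
    // Match on a label boundary so "notexample.com" is not taken for "example.com".
    let in_scope = n == target || n.ends_with(&format!(".{}", target));
    // Reject values that are not host names (e-mail style CNs, spaces, empty labels).
    let valid = n.split('.').all(|label| {
        !label.is_empty()
            && label.len() <= 63
            && label.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
    });
    if in_scope && valid { Some(n.to_string()) } else { None }
}

/// Collect the unique, sorted in-scope names from many log entries.
/// Each entry is the newline-separated name list of one logged certificate.
fn subdomains_from_ct(entries: &[&str], target: &str) -> Vec<String> {
    let unique: BTreeSet<String> = entries
        .iter()
        .flat_map(|entry| entry.lines())
        .filter_map(|name| normalize(name, target))
        .collect();
    unique.into_iter().collect()
}

fn main() {
    // Constructed sample: name lists as they might appear in logged certificates.
    let entries = [
        "example.com\nwww.example.com",
        "*.dev.example.com\nDEV.example.com.",
        "mail.example.com\nadmin@example.com",
        "notexample.com\nwww.example.com.evil.test",
    ];
    for name in subdomains_from_ct(&entries, "example.com") {
        println!("{}", name);
    }
}
```

Anything that appears in this list for a domain you own is public information, so internal host names should not be placed in publicly logged certificates.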

Supported platforms in our binary releases
All supported platforms in the binaries that we provide are 64 bits only and we don't have plans to add support for 32 bits binary releases; if you want to have support for 32 bits, follow the documentation.

Build for 32 bits or some other platform
If you want to build the tool for your 32 bits system or some other platform, follow these steps:
Note: You need to have rust, make and perl installed in your system first.
Using the crate:
  1. cargo install findomain
  2. Execute the tool from $HOME/.cargo/bin. See the cargo-install documentation.
Using the Github source code:
  1. Clone the repository or download the release source code.
  2. Extract the release source code (only needed if you downloaded the compressed file).
  3. Go to the folder where the source code is.
  4. Execute cargo build --release
  5. Now your binary is in target/release/findomain and you can use it.

Installation Android (Termux)
Install the Termux package, open it and follow these commands:
$ pkg install rust make perl
$ cargo install findomain
$ cd $HOME/.cargo/bin
$ ./findomain

Installation in Linux using source code
If you want to install it, you can do that by manually compiling the source or using the precompiled binary.
Manually: You need to have Rust installed in your computer first.
$ git clone https://github.com/Edu4rdSHL/findomain.git
$ cd findomain
$ cargo build --release
$ sudo cp target/release/findomain /usr/bin/
$ findomain

Installation in Linux using compiled artifacts
$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-linux
$ chmod +x findomain-linux
$ ./findomain-linux
If you are using the BlackArch Linux distribution, you just need to use:
$ sudo pacman -S findomain

Installation ARM
$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-arm
$ chmod +x findomain-arm
$ ./findomain-arm

Installation Aarch64 (Raspberry Pi)
$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-aarch64
$ chmod +x findomain-aarch64
$ ./findomain-aarch64

Installation Windows
Download the binary from https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-windows.exe
Open a CMD shell and go to the dir where findomain-windows.exe was downloaded.
Exec: findomain-windows in the CMD shell.

Installation MacOS
$ wget https://github.com/Edu4rdSHL/findomain/releases/latest/download/findomain-osx
$ chmod +x findomain-osx
$ ./findomain-osx

Usage
You can use the tool in two ways: only discovering the domain name, or discovering the domain + the IP address.
findomain 0.2.0
Eduard Tolosa
A tool that use Certificates Transparency logs to find subdomains.

USAGE:
    findomain [FLAGS] [OPTIONS]

FLAGS:
    -a, --all-apis    Use all the available APIs to perform the search. It takes more time but you will have a lot
                      more results.
    -h, --help        Prints help information
    -i, --get-ip      Return the subdomain list with IP address if resolved.
    -V, --version     Prints version information

OPTIONS:
    -f, --file        Sets the input file to use.
    -o, --output      Write information to output file in the specified format. [possible values: txt, csv, json]
    -p, --proxy       Use a proxy to make the requests to the APIs.
    -t, --target      Target host

Examples
  1. Make a simple search of subdomains and print the info on the screen:
     findomain -t example.com
  2. Make a simple search of subdomains using all the APIs and print the info on the screen:
     findomain -t example.com -a
  3. Make a search of subdomains and export the data to a CSV file:
     findomain -t example.com -o csv
  4. Make a search of subdomains using all the APIs and export the data to a CSV file:
     findomain -t example.com -a -o csv
  5. Make a search of subdomains and resolve the IP address of subdomains (if possible):
     findomain -t example.com -i
  6. Make a search of subdomains with all the APIs and resolve the IP address of subdomains (if possible):
     findomain -t example.com -i -a
  7. Make a search of subdomains with all the APIs and resolve the IP address of subdomains (if possible), exporting the data to a CSV file:
     findomain -t example.com -i -a -o csv
  8. Make a search of subdomains using a proxy (http://127.0.0.1:8080 in this case; the rest of the arguments keep working in the same way, you just need to add the -p flag to the earlier commands):
     findomain -t example.com -p http://127.0.0.1:8080
