SubGrab - Yet another #subdomain finder #Recon

GitHub - bidhata/SubGrab: Yet another Fast Subdomain Scanner with optional Shodan and other APIs

Yet another Fast Subdomain Scanner with optional Shodan and other APIs - bidhata/SubGrab

GitHubbidhata

SubGrab - Advanced Subdomain Enumeration Tool

SubGrab is a powerful and feature-rich subdomain enumeration tool designed for security researchers, bug bounty hunters, and pentesters. It performs passive, active, and stealth recon, enriched with visual HTML reporting, Shodan, CT logs, DNS analysis, and more.

✨ Features

• 🔎 Passive Reconnaissance:
  Certificate Transparency logs, Web Archives, Search Engines, DNSDumpster, GitHub, VirusTotal, Censys, SecurityTrails, and more.
• 🌐 Advanced DNS Enumeration:
  Brute-force with permutations, SRV records, Zone transfers, NSEC walking, Reverse DNS.
• 🕵️ Stealth Mode:
  Human-like delays, proxy support, randomized requests to avoid detection.
• 🚀 Fast & Scalable:
  Multi-threaded with ThreadPoolExecutor, supports thousands of subdomains quickly.
• 📊 Rich Reporting:
  Generates txt, csv, json, and interactive HTML dashboards.
• 🔐 Takeover Detection:
  Detects vulnerable subdomains by analyzing common misconfigurations.

🛠️ Installation

git clone https://github.com/yourusername/subgrab.git
cd subgrab
pip install -r requirements.txt

Or install dependencies manually:

pip install requests dnspython colorama beautifulsoup4 tqdm ratelimit

⚙️ Usage

python subgrab.py example.com

🔧 Options:

-t, --threads Number of threads (default: 50)
--timeout Request timeout (default: 30)
--fast Skip resource-intensive steps
--stealth Randomized request timing
--proxy-file Provide a list of HTTP proxies
--wordlist Use a custom subdomain wordlist
--nameservers Custom DNS resolvers

# API keys
--shodan-key SHODAN API key
--securitytrails-key SecurityTrails API key
--virustotal-key VirusTotal API key
--censys-id Censys API ID
--censys-secret Censys API Secret
--github-token GitHub API Token

📁 Output

Results are saved in a folder like example.com_results/:

• all_subdomains.txt
• active_subdomains.txt
• scan_results.json
• scan_results.csv
• report.html (interactive dashboard!)

👨‍💻 Author

Krishnendu Paul
💼 LinkedIn
📫 [email protected]
🔗 github.com/bidhata