SubGrab - Yet another #subdomain finder #Recon
SubGrab - Advance Subdomain Recon
SubGrab - Advanced Subdomain Enumeration Tool
SubGrab is a powerful and feature-rich subdomain enumeration tool designed for security researchers, bug bounty hunters, and pentesters. It performs passive, active, and stealth recon, enriched with visual HTML reporting, Shodan, CT logs, DNS analysis, and more.
✨ Features
- 🔎 Passive Reconnaissance:
Certificate Transparency logs, Web Archives, Search Engines, DNSDumpster, GitHub, VirusTotal, Censys, SecurityTrails, and more. - 🌐 Advanced DNS Enumeration:
Brute-force with permutations, SRV records, Zone transfers, NSEC walking, Reverse DNS. - 🕵️ Stealth Mode:
Human-like delays, proxy support, randomized requests to avoid detection. - 🚀 Fast & Scalable:
Multi-threaded withThreadPoolExecutor
, supports thousands of subdomains quickly. - 📊 Rich Reporting:
Generatestxt
,csv
,json
, and interactive HTML dashboards. - 🔐 Takeover Detection:
Detects vulnerable subdomains by analyzing common misconfigurations.
🛠️ Installation
git clone https://github.com/yourusername/subgrab.git
cd subgrab
pip install -r requirements.txt
Or install dependencies manually:
pip install requests dnspython colorama beautifulsoup4 tqdm ratelimit
⚙️ Usage
🔧 Options:
-t, --threads Number of threads (default: 50)
--timeout Request timeout (default: 30)
--fast Skip resource-intensive steps
--stealth Randomized request timing
--proxy-file Provide a list of HTTP proxies
--wordlist Use a custom subdomain wordlist
--nameservers Custom DNS resolvers
# API keys
--shodan-key SHODAN API key
--securitytrails-key SecurityTrails API key
--virustotal-key VirusTotal API key
--censys-id Censys API ID
--censys-secret Censys API Secret
--github-token GitHub API Token
📁 Output
Results are saved in a folder like example.com_results/
:
all_subdomains.txt
active_subdomains.txt
scan_results.json
scan_results.csv
report.html
(interactive dashboard!)
👨💻 Author
Krishnendu Paul
💼 LinkedIn
📫 me@krishnendu.com
🔗 github.com/bidhata