S4E

Subdomain Finder Online

Subdomains often address different sections of a website (blog, e-mail, admin panel or another application). Each subdomain could be a new attack vector for you.

Short Info


Level

Informational

Single Scan

Single Scan

Can be used by

Everyone

Estimated Time

5 minutes

Time Interval

1 week

Scan only one

Domain

Toolbox

-
Subdomain Finder Online

What is a Subdomain?

Subdomains are created to organize and access different website sections such as the blog, e-mail, etc. You can create multiple subdomains linked with the main domain.

For example, if your domain name is s4e.io, you can open subdomains such as admin.s4e.io, mail.s4e.io, or premium.s4e.io.

 

Why is it important to find subdomains?

 

For attackers, detecting the subdomains means new attack vectors. You might have a secure application and you might be doing security tests and system consolidation regularly. But if there is a vulnerability in another application that pages a connection with your application and database, these are not important. You probably heard you are always as safe as your weakest link.

In some cases, subdomains might be less secure than the main domains. Especially, identification of domain names addressing your test systems (test, old, etc.), development environments (devel, preprod etc.) and other services (ftp, mail etc.) and analysing these subdomains from a security perspective is important.

Also, it is important to know this. When you use third-party services for subdomains, you might have different attack types such as subdomain takeover. You can check S4E’s Subdomain Takeover Vulnerability Tool.

 

How To Find Subdomains of a Domain Online?

 

You can use S4E's online and free subdomain finder tool on how to find all the subdomains of a domain. All you need to do is to type the domain name which you want to detect the subdomains.

Other Ways to Scan for Subdomains

You can run nmap --script dns-brute Target_Host command on nmap tool which can be installed to all operating systems.

Also, you can use the searchengine_subdomains_collector auxiliary module of “Metasploit Framework” to check the vulnerability.

Lastly, you can check it with open source tools such as “Sublist3r”, “aquatone”. For example, let’s use Sublist3r tool:

	python sublist3r.py -d yourdomain.com
	[-] Enumerating subdomains now for yourdomain.com
	[-] Searching now in Baidu..
	[-] Searching now in Yahoo..
	[-] Searching now in Google..
	[-] Searching now in Bing..
	[-] Searching now in Ask..
	[-] Searching now in Netcraft..
	[-] Searching now in DNSdumpster..
	[-] Searching now in Virustotal..
	[-] Searching now in ThreatCrowd..
	[-] Searching now in SSL Certificates..
	[-] Searching now in PassiveDNS..
	[-] Total Unique Subdomains Found: 3
	admin.yourdomain.com
	blog.yourdomain.com
	devel.yourdomain.com
Get started to protecting your Free Full Security Scan