performing-subdomain-enumeration-with-subfinder

Featured

Enumerate subdomains of target domains using ProjectDiscovery's Subfinder passive reconnaissance tool to map the attack surface during security assessments.

AI & Automation | 12,642 stars | 1,468 forks | Updated today | Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Performing Subdomain Enumeration with Subfinder

## When to Use

- During the reconnaissance phase of penetration testing or bug bounty hunting
- When mapping the external attack surface of a target organization
- Before performing vulnerability scanning on discovered subdomains
- When building an asset inventory for continuous security monitoring
- During red team engagements requiring passive information gathering

## Prerequisites

- Go 1.21+ installed for building from source
- Subfinder v2 installed (`go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest`)
- API keys configured for passive sources (Shodan, Censys, VirusTotal, SecurityTrails, Chaos)
- Provider configuration file at `$HOME/.config/subfinder/provider-config.yaml`
- Network access to passive DNS and certificate transparency sources
- httpx or httprobe for validating discovered subdomains

## Workflow

### Step 1 — Install and Configure Subfinder

```bash
# Install subfinder
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

# Verify installation
subfinder -version

# Configure API keys for enhanced results
mkdir -p $HOME/.config/subfinder
cat > $HOME/.config/subfinder/provider-config.yaml << 'EOF'
shodan:
  - YOUR_SHODAN_API_KEY
censys:
  - YOUR_CENSYS_API_ID:YOUR_CENSYS_API_SECRET
virustotal:
  - YOUR_VT_API_KEY
securitytrails:
  - YOUR_ST_API_KEY
chaos:
  - YOUR_CHAOS_API_KEY
EOF
```

### Step 2 — Run Basic Subdomain Enumeration

```bash
# Single domain enumera...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

Web & Frontend Listed

recon-dominator

Automated full-scope reconnaissance starting from a domain or domain list. Performs subdomain enumeration, port scanning, technology fingerprinting, OSINT correlation, Google dorking, and Wayback analysis. Use when user provides a domain or list of domains and asks for "recon", "reconnaissance", "attack surface mapping", "subdomain enumeration", "footprinting", or "information gathering". Designed for authorized penetration testing and bug bounty.

31 Updated today
KaQus

Web & Frontend Listed

web2-recon

Web2 recon pipeline — subdomain enumeration (subfinder, Chaos API, assetfinder), live host discovery (dnsx, httpx), URL crawling (katana, waybackurls, gau), directory fuzzing (ffuf), JS analysis (LinkFinder, SecretFinder), continuous monitoring (new subdomain alerts, JS change detection, GitHub commit watch). Use when starting recon on any web2 target or when asked about asset discovery, subdomain enum, or attack surface mapping.

1,380 Updated 4 days ago
elementalsouls

AI & Automation Listed

recon-asset-discovery

Subdomain enumeration, CT logs, DNS record catalog, WHOIS/RDAP, and passive reconnaissance for authorized external recon.

0 Updated today
Ap6pack

Web & Frontend Listed

web2-recon

Web2 recon pipeline — subdomain enumeration (subfinder, Chaos API, assetfinder), live host discovery (dnsx, httpx), URL crawling (katana, waybackurls, gau), directory fuzzing (ffuf), JS analysis (LinkFinder, SecretFinder), continuous monitoring (new subdomain alerts, JS change detection, GitHub commit watch). Use when starting recon on any web2 target or when asked about asset discovery, subdomain enum, or attack surface mapping.

0 Updated today
Mikacr1138

AI & Automation Listed

bounty-recon

Use at the start of a bug bounty engagement. Provides scope-aware recon methodology — passive enumeration, subdomain discovery, asset attribution, tech stack fingerprinting, content discovery. Respects scope and program rules. Triggers on "bounty recon", "subdomain enum", "attack surface map", "h1 recon", "bug bounty start".

6 Updated today
26zl