LinuxCommandLibrary

findomain

Enumerate subdomains for a domain

SYNOPSIS

findomain [OPTIONS] [--target DOMAIN] [--input FILE]

PARAMETERS

-t, --target <DOMAIN>
    Single target domain to enumerate

-i, --input <FILE>
    File containing list of target domains

-o, --output <FILE>
    Output results to specified file

-q, --quiet
    Suppress progress output

-a, --all
    Enable all passive sources

-r, --resolver <RESOLVER>
    Custom DNS resolver (e.g., 1.1.1.1)

-T, --threads <N>
    Number of threads (default: optimal)

--format <FORMAT>
    Output format: plain, json, csv, html, tsv, elastic

-c, --config <FILE>
    Path to custom config YAML file

-u, --user-agent <UA>
    Custom User-Agent string

--vt-api-key <KEY>
    VirusTotal API key

-e, --enumerate
    Perform full enumeration including resolution

-s, --stalker <FILE>
    Stalker mode: monitor changes from previous scan

-h, --help
    Show help information

-V, --version
    Print version

DESCRIPTION

Findomain is a high-performance, Rust-based tool for passive subdomain enumeration. It discovers subdomains using public sources like Certificate Transparency (CT) logs, VirusTotal, CRT.sh, Riddler.io, and others, without sending traffic to the target domain. Ideal for bug bounty hunters, pentesters, and OSINT researchers, it supports multi-threading, custom DNS resolvers, and various output formats including JSON, CSV, and HTML.

Key strengths include speed (processes millions of entries quickly), cross-platform compatibility (Linux, Windows, macOS), and extensibility via config files for API keys. It offers modes like stalker for monitoring subdomain changes over time. Unlike active scanners, it minimizes detection risk. Users configure it via a YAML file for sources and credentials, enabling tailored scans.

CAVEATS

Requires API keys for premium sources like VirusTotal (free tier limited); rate limits apply. Not a brute-forcer—passive only. Config file needed for full features. High memory use with large targets.

SOURCES

crtsh, riddler, crtlogs, facebook_ct, virustotal, threatcrowd, bufferover, hackertarget, urlscan, zoomeye, shodan, censys, binaryedge, passive sources.

INSTALLATION

Pre-built binaries from GitHub releases; or cargo install findomain. Config: Download Findomain.yaml and edit API keys.

HISTORY

Developed by Eduardo V. (aka iod1e) starting 2018. Initially Python-based, rewritten in Rust by 2020 for speed. GitHub project with 10k+ stars; v8+ focuses on async I/O and new sources like Facebook CT.

SEE ALSO

subfinder(1), amass(1), dnsrecon(1), Sublist3r(1)

Copied to clipboard