subsearch is a command line tool designed to brute force subdomain names.

subsearch is a command line tool designed to brute force subdomain names.

subsearch is a command line tool designed to brute force subdomain names. It is aimed at penetration testers and bug bounty hunters and has been built with a focus on speed, stealth and reporting.

The current release is version 0.1.1 and was published on 14/3/2016.
Release version 0.1.1:
– subsearch can now handle massive wordlists, wordlists aren’t loaded into memory in one go
– resolver timeouts increased from 5, 10 and 15 seconds to 10, 20 and 30 seconds
– other minor bug fixes

subsearch

subsearch

Features:
+ Scan a single hostname or a list of hostnames
+ Takes as arguments a comma separated list of DNS resolvers, and/or a file containing newline delimited list of resolvers
+ Check if the hostname’s authoritative name servers are vulnerable to a zone transfer (can be skipped)
+  Recursive scanning: If a CNAME, MX, NS or SRV record is discovered, the any subdomains will be added to a priority list of subdomains to scan for
+  Extra level of verbosity
+  Reporting capability
+  Real-time feedback
+  Supports the use of massive wordlists

Requirements:
+ subsearch is built on and requires Java 8.

Usage:

Source: https://github.com/gavia