subsearch is a command line tool designed to brute force subdomain names. It is aimed at penetration testers and bug bounty hunters and has been built with a focus on speed, stealth and reporting.
The current release is version 0.1.1 and was published on 14/3/2016.
Release version 0.1.1:
– subsearch can now handle massive wordlists: they aren’t loaded into memory in one go
– resolver timeouts increased from 5, 10 and 15 seconds to 10, 20 and 30 seconds
– other minor bug fixes
+ Scan a single hostname or a list of hostnames
+ Takes as arguments a comma-separated list of DNS resolvers and/or a file containing a newline-delimited list of resolvers
+ Check if the hostname’s authoritative name servers are vulnerable to a zone transfer (can be skipped)
+ Recursive scanning: if a CNAME, MX, NS or SRV record is discovered, any subdomains will be added to a priority list of subdomains to scan for
+ Extra level of verbosity
+ Reporting capability
+ Real-time feedback
+ Supports the use of massive wordlists
+ subsearch is built on and requires Java 8.
tar xf subsearch-0.1.1.tar.gz
java -jar subsearch-0.1.1.jar --help