Subdomain Enumeration
Discover all subdomains of a target domain using multiple OSINT sources. Includes DNS resolution, HTTP status verification, server detection, and technology fingerprinting. Export comprehensive reports as PDF.
Subdomain Enumeration - Attack Surface Discovery
Subdomain enumeration is a critical first step in security assessments and OSINT investigations. Our tool queries multiple data sources including certificate transparency logs, DNS databases, search engine caches, and web archives to discover all subdomains associated with a target domain. Each discovered subdomain is then verified through DNS resolution to confirm its status (active or inactive), and HTTP probing identifies web servers with their response codes, server software, page titles, and detected technologies. This information is invaluable for penetration testers mapping an organization's attack surface, security teams auditing their external footprint, and OSINT investigators understanding an entity's web infrastructure. The PDF export feature generates comprehensive reports suitable for security assessments and compliance documentation, including summary statistics, active subdomain tables, HTTP-responsive hosts, detected technologies, and the complete subdomain list.