How to use the command 'subfinder' (with examples)

How to use the command 'subfinder' (with examples)

The ‘subfinder’ command is a subdomain discovery tool that is used to discover valid subdomains for websites. It is designed to be a passive framework that is useful for bug bounties and safe for penetration testing. It can be helpful for individuals or organizations looking to identify potential security vulnerabilities in their websites by identifying all related subdomains.

Use case 1: Find subdomains for a specific domain

Code:

subfinder -d example.com

Motivation:

Finding all subdomains for a specific domain can help in identifying potential vulnerabilities and ensuring the security of the overall website. By discovering all possible subdomains, an organization can gain better visibility into their attack surface and proactively address any security concerns.

Explanation:

  • ‘subfinder’ is the command used to initiate the subdomain discovery process.
  • ‘-d example.com’ specifies the domain name for which subdomains need to be discovered. Replace ’example.com’ with the desired domain name.

Example output:

subdomain1.example.com
subdomain2.example.com
subdomain3.example.com

Use case 2: Show only the subdomains found

Code:

subfinder --silent -d example.com

Motivation:

Sometimes, you may only want to see the list of subdomains found without any additional information or logs. This can be useful for simplicity and clarity, especially when dealing with a large number of subdomains.

Explanation:

  • ‘–silent’ is an argument that tells ‘subfinder’ to only display the subdomains found without any additional information or logs.
  • ‘-d example.com’ specifies the domain name for which subdomains need to be discovered. Replace ’example.com’ with the desired domain name.

Example output:

subdomain1.example.com
subdomain2.example.com
subdomain3.example.com

Use case 3: Use a brute-force attack to find subdomains

Code:

subfinder -d example.com -b

Motivation:

A brute-force attack can be used to discover additional subdomains that may not be found through regular techniques. By using a brute-force attack, you can exhaustively search for all possible subdomains and ensure that no potential vulnerabilities go unnoticed.

Explanation:

  • ‘-b’ is an argument that enables the brute-force attack mode in ‘subfinder’. This tells the tool to use a brute-force approach to find subdomains.
  • ‘-d example.com’ specifies the domain name for which subdomains need to be discovered. Replace ’example.com’ with the desired domain name.

Example output:

subdomain1.example.com
subdomain2.example.com
subdomain3.example.com

Use case 4: Remove wildcard subdomains

Code:

subfinder -nW -d example.com

Motivation:

Wildcard subdomains are unpredictable and can lead to security vulnerabilities. By removing wildcard subdomains, you can reduce the attack surface and ensure better security for your website.

Explanation:

  • ‘-nW’ is an argument that tells ‘subfinder’ to remove any wildcard subdomains from the list of discovered subdomains.
  • ‘-d example.com’ specifies the domain name for which subdomains need to be discovered. Replace ’example.com’ with the desired domain name.

Example output:

subdomain1.example.com
subdomain2.example.com
subdomain3.example.com

Use case 5: Use a given comma-separated list of resolvers

Code:

subfinder -r 8.8.8.8,1.1.1.1 -d example.com

Motivation:

By specifying a list of resolvers, you can control which DNS servers ‘subfinder’ uses to perform the subdomain discovery. This can be useful if you want to use specific DNS servers that are known to be reliable or if you want to avoid using certain DNS servers for privacy reasons.

Explanation:

  • ‘-r 8.8.8.8,1.1.1.1’ is an argument that tells ‘subfinder’ to use the specified comma-separated list of resolvers for DNS resolution.
  • ‘-d example.com’ specifies the domain name for which subdomains need to be discovered. Replace ’example.com’ with the desired domain name.

Example output:

subdomain1.example.com
subdomain2.example.com
subdomain3.example.com

Conclusion:

The ‘subfinder’ command is a powerful tool for discovering valid subdomains for websites. By utilizing its various options and arguments, users can gain better visibility into their attack surface and proactively address any security concerns. Whether it is to find all subdomains, perform a brute-force attack, remove wildcard subdomains, or customize the list of resolvers, ‘subfinder’ provides the flexibility and functionality required for effective subdomain discovery.

Tags :

Related Posts

Using the Pueue Add Command (with examples)

Using the Pueue Add Command (with examples)

The pueue add command allows us to enqueue tasks for execution using the Pueue task manager.

Read More
How to use the command "wl-copy" (with examples)

How to use the command "wl-copy" (with examples)

“wl-copy” is a command-line tool used for manipulating the clipboard in a Wayland session.

Read More
How to use the command 'meshlabserver' (with examples)

How to use the command 'meshlabserver' (with examples)

MeshLab is a popular 3D mesh processing software that provides various tools and filters for working with 3D models.

Read More