How to Use Subfinder to Discover Subdomains: A Complete Guide

Master the art of subdomain discovery using Subfinder. Learn with practical examples, commands, use cases, and 50+ verified backlinks for deeper exploration.


Table of Contents:

  1. Introduction to Subdomain Enumeration
  2. What is Subfinder?
  3. Why Use Subfinder?
  4. Installing Subfinder
  5. Basic Commands and Usage
  6. Advanced Features
  7. Real-World Example
  8. Integrating Subfinder in Automation
  9. Best Practices
  10. Legal Considerations
  11. Alternatives to Subfinder
  12. Conclusion
  13. References and Backlinks

1. Introduction to Subdomain Enumeration

Subdomain enumeration is a crucial step in reconnaissance during ethical hacking or bug bounty hunting. It helps uncover hidden endpoints that might contain vulnerabilities. Tools like Amass and Assetfinder are also used, but Subfinder is among the fastest and most reliable.

2. What is Subfinder?

Subfinder is a subdomain discovery tool written in Go. It’s maintained by ProjectDiscovery, known for powerful recon tools like httpx and nuclei.

3. Why Use Subfinder?

  • Fast and passive
  • Supports multiple sources
  • Integrates with other tools
  • Reliable for automation

4. Installing Subfinder

For Linux/macOS:

git clone https://github.com/projectdiscovery/subfinder.git
cd subfinder/v2/cmd/subfinder
go install

Windows (with Go installed):

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

Once installed, ensure $GOPATH/bin is in your PATH.

5. Basic Commands and Usage

subfinder -d example.com

This fetches the subdomains of example.com. Add -silent to suppress the logo.

Save to File:

subfinder -d example.com -o result.txt

6. Advanced Features

  • Use a list of domains:
    subfinder -dL domains.txt -o out.txt
  • Use API keys: Store them in ~/.config/subfinder/config.yaml
    binaryedge:
      - "API_KEY"
    securitytrails:
      - "API_KEY"

More on configuring APIs: ProjectDiscovery Docs

7. Real-World Example

Case: Discovering hidden subdomains of targetsite.com

subfinder -d targetsite.com -o target_subs.txt

The results showed an exposed admin portal on admin.targetsite.com, which had directory listing enabled. This later led to an XSS vulnerability report.

8. Integrating Subfinder in Automation

Use with httpx for alive subdomains:

subfinder -d example.com | httpx -silent

Or combine with nuclei for vulnerability scanning:

subfinder -d example.com | httpx | nuclei -t cves/
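
Before passing results to httpx or nuclei, it helps to drop every hostname that falls outside the scope you are authorized to test. The following is an added example, not part of the original post and not a Subfinder feature; the scope_filter name and the scope-file format are assumptions.

```shell
# scope_filter SCOPE_FILE   (hypothetical helper)
# Reads hostnames on stdin, one per line, and prints only those that the
# scope file allows. An empty scope file lets nothing through.
#
# Assumed scope-file format, one entry per line:
#   example.org        exact host only
#   *.example.com      any subdomain of example.com (not the apex itself)
#   !dev.example.com   excluded host, together with everything under it
#   # text             comment, ignored
#
# Usage: subfinder -d example.com -silent | scope_filter scope.txt | httpx -silent
scope_filter() {
  awk '
    # Lower-case, drop whitespace/CR and a trailing dot so entries compare equal.
    function norm(h) {
      h = tolower(h); gsub(/\r|[ \t]/, "", h); sub(/\.$/, "", h); return h
    }
    # True when h is d itself or sits under d on a label boundary,
    # so "evilexample.com" never matches "example.com".
    function under(h, d,   n) {
      if (h == d) return 1
      n = length(h) - length(d)
      return n > 1 && substr(h, n) == "." d
    }
    NR == FNR {                         # first input: the scope file
      e = norm($0)
      if (e == "" || e ~ /^#/) next
      if (e ~ /^!/)         deny[substr(e, 2)] = 1
      else if (e ~ /^\*\./) wild[substr(e, 3)] = 1
      else                  exact[e] = 1
      next
    }
    {                                   # second input: candidate hostnames
      h = norm($0)
      if (h == "" || seen[h]++) next    # skip blanks and duplicates
      for (d in deny) if (under(h, d)) next
      if (h in exact) { print h; next }
      for (d in wild) if (h != d && under(h, d)) { print h; next }
    }
  ' "$1" -
}
```

Exclusions are checked first, so a host listed with ! stays out even when a wildcard entry would otherwise cover it.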

9. Best Practices

  • Always verify legality before scanning
  • Store your API keys securely
  • Rotate API keys if rate limited

Useful read: Responsible Disclosure Policy

10. Legal Considerations

Enumerating subdomains on unauthorized assets may breach laws like IT Act Section 66.

External guide: HackerOne Disclosure Guidelines

11. Alternatives to Subfinder

12. Conclusion

Subfinder is a powerful tool every ethical hacker must learn. Its speed, flexibility, and integrations make it a go-to recon utility.

