Pricing

$1.00 / 1,000 domain scans

Subdomain Finder & Recon Tool

Discover subdomains for any target via passive OSINT sources. Ideal for security bug bounties and attack surface mapping.

Pricing

$1.00 / 1,000 domain scans

Rating

0.0

(0)

Developer

Andok

Actor stats

Bookmarked

Total users

Monthly active users

a day ago

Last modified

Subdomain Finder & Recon Tool API through CLI

The Apify CLI is the official tool that allows you to use Subdomain Finder & Recon Tool locally, providing convenience functions and automatic retries on errors.

Install Apify CLI

Using installation script (macOS/Linux):

$curl -fsSL https://apify.com/install-cli.sh | bash

Using installation script (Windows):

$irm https://apify.com/install-cli.ps1 | iex

Using Homebrew:

$brew install apify-cli

Using npm:

$npm install -g apify-cli

Other API clients include:

Subdomain Finder & Recon Tool API in Python

Subdomain Finder & Recon Tool API in JavaScript

Subdomain Finder & Recon Tool OpenAPI definition

Subdomain Finder & Recon Tool API

Subdomain Finder

happitap/subdomain-finder

Subdomain Finder is a high-speed intelligence tool that uncovers subdomains for any target domain using Certificate Transparency (CT) logs. Unlike traditional brute-force tools, it requires no heavy traffic and provides results in seconds.

HappiTap

Subdomain Finder

automation-lab/subdomain-finder

This actor discovers subdomains by querying certificate transparency logs via crt.sh. It finds all SSL/TLS certificates ever issued for a domain, extracting unique subdomain names. This passive reconnaissance technique requires no direct scanning.

Stas Persiianenko

Bug Bounty Recon Scanner

iamuendo/Bug-Bounty-Recon-Scanner

Find exposed admin panels, missing/weak security headers, sensitive file leaks, and HTTPS misconfigurations across target domains. Export prioritised risk scores and JSON reports. Run via API, schedule scans, or integrate with bug bounty tools.

Isaac Muendo

Holehe Email Osint

anshumanatrey/holehe-email-osint

Check if an email is registered on 120+ platforms (Instagram, Twitter, GitHub, Discord, etc.) without alerting the target. Perfect for OSINT investigations, security research, and email verification.

Anshuman Atrey

412

5.0

OSINT Scraper

epctex/osint-scraper

Harness the power of OSINT data with our advanced OSINT Scraper. Discover keywords and leaked information from platforms like Ideone, Dumpz, Github Gist, Pastebin, Pasteorg and Textbin. You can specify search terms, customize and retrieve OSINT data out of the box.

epctex

947

5.0

Organization Registered Domain & Subdomain Scraper

lofomachines/organization-registered-domain-subdomain-scraper

Discover all domains registered by any organization by company domain. Find related domains, subdomains, registration dates, expiration dates, and registrar information. Perfect for brand protection, competitive analysis, M&A due diligence, and security research.

Lofomachines

5.0

Threat Profiler

peachstudio/threat-profiler

Generate AI-powered cyber threat intelligence reports in minutes. Get threat actor profiles with MITRE ATT&CK mappings, attack surface analysis, and security recommendations. Perfect for security assessments, M&A due diligence, and vendor risk management, but also to know your target in cyber sales.