SubDomainFinder

Penetration Testing

The SubDomainFinder by binsec.tools is a free tool for the systematic discovery of subdomains of a target domain. It helps security teams to identify hostnames and thereby make an organization’s external attack surface transparent. This allows potential entry points to be detected at an early stage, making SubDomainFinder a reliable foundation for penetration tests, red team exercises, and continuous security monitoring.

  • DNS brute-force (wordlist iteration): Systematically iterates through subdomain words against DNS to identify resolvable hostnames.
  • Certificate Transparency Logs (CT logs): Analysis of published TLS/SSL certificates for included Common Names and SAN entries that reveal subdomains.
  • Indexed search engine results (e.g., Google): Targeted search queries and analysis of indexed pages to identify subdomains mentioned in search results. The wordlists used can range from 500 to 50,000 words, depending on the desired duration.

All results are deduplicated and exported as a list, allowing the data to be directly integrated into subsequent processes such as port scanning, web path enumeration, or automated testing routines.

Limitations such as non-publicly visible internal hostnames or delays in CT logs affect only a small part of the relevant attack surface in practice and are rarely decisive in the initial analysis phases. For complete assessments, internal methods may be added; however, SubDomainFinder already provides a fast, extensive, and useful set of subdomains in most engagements. Legal requirements and a clearly defined scope remain important: with proper authorization and coordination, SubDomainFinder is an efficient, pragmatic tool for security researchers and penetration testers.

binsec academy GmbH - Online IT Security Training with Practical Focus

binsec academy GmbH is provider of online IT security training, offering practical, lab-based courses for professionals. The academy provides hands-on training in areas such as penetration testing and secure software development. Participants gain practical experience through realistic lab environments, including simulations of company networks and applications. Courses are available in multiple programming languages and align with standards like OWASP Top 10 and PCI DSS. Upon successful completion, participants receive certifications such as the Binsec Academy Certified Pentest Professional (BACPP) and Binsec Academy Certified Secure Coding Professional (BACSCP), demonstrating their ability to identify and remediate security vulnerabilities.

Goto binsec acadmy GmbH

binsec GmbH – Experts in Penetration Testing

binsec GmbH is a German IT security company focused on professional penetration testing. With over 10 years of experience, the team conducts in-depth penetration tests on networks, web applications, APIs, and mobile apps. Certified experts systematically identify and document security vulnerabilities to support organizations in improving their security and meeting compliance requirements.

Goto binsec GmbH

Contact

binsec GmbH
Solmsstraße 41
60486 Frankfurt am Main
Germany

Legal notice

Director: Patrick Sauer
Authorized Officer: Dominik Sauer, Florian Zavatzki
Registration: Frankfurt am Main, HRB97277
Turnover Tax Identification No.: DE290966808