Posted by

ITEM TILE – File Size: 12.6K

A subdomain reconnaissance scanner

Subdomain Reconnaisance Scanner

A security tool to scan a domain to gather information. Useful for information gathering when potentially many subdomains are in use.

This tool will do the following: 1. Check nameservers for the entire domain chain, searching for unregistered servers, which could lead to domain takeover 2. Search for subdomains using DNSDumpster 3. Screenshot each subdomain 4. Search for any information shodan has on the subdomain’s IP (requires a free shodan API key)


The project requires python3 with pipenv (pip install pipenv if you don’t have it)

Clone the repository to your computer. You will need a chrome webdriver to enable screenshots – download the latest to the subdomain_recon/chrome directory from the chrome webdriver downloads page.

You can now install the dependencies with pipenvbashpipenv install

Running the program

If you want to use shodan, set the SHODAN_API in your environment variables, though this is not required.

bashexport SHODAN_API=pipenv run python

The program will generate an html report for viewing.

To restore the repository download the bundle


and run:

 git clone Charlie-belmer-subdomain_recon_-_2019-11-15_22-25-41.bundle 

Uploader: Charlie-belmer
Upload date: 2019-11-15