/subdomain-scanner

Subdomain Enumeration Scanner is a cloud-first microservices tool designed to help you discover all the subdomains associated with a specific domain.

Primary LanguageTypeScriptApache License 2.0Apache-2.0


Like this project ? Leave us a star ⭐

Subd Logo

Subdomain Enumeration Tool 🔥.


Code of conduct MIT Experimental

Subdomain Enumeration Scanner is a cloud-first microservices tool designed to help you discover all the subdomains associated with a specific domain.

This tool provides a way to gather valuable information that can be used for security testing, or just gaining insights into a target domain's online presence.


Application Banner


Architecture

Application Banner

How It Works

The user initiates a POST request containing the target domain. Upon receiving the request, the handler parses and deserializes the payload into a local data structure. This data structure is then passed to a scan method responsible for identifying subdomains related to the given domain.

Steps in the scan Method:

  1. Subdomain Discovery:

    • The arguments are passed to apiQuerySvc, aiBruteSvc, and bruteSvc, which both return lists of subdomains. These lists are combined into a single result.
  2. DNS Resolution:

    • The combined subdomain list is passed to dnsResolveSvc, which resolves the subdomains into their corresponding DNS addresse.
  3. Port Scanning:

    • Here each subdomain are scanned for open ports.
  4. Response Construction:

    • The final list, including subdomains and their open ports, is sent back as a response to the frontend.
Service Language Description
frontend Go Exposes an HTTP server to serve the website.
apiqueryservice Typescript Queries external api to get associated subdomains
bruteservice Rust Uses the brute force methodology of finding subdomains
dnsresolveservice Java Responsible for resolving domain names to its ip addresses
portscanservice Rust Responsible for scanning subdomains for open ports
aibruteservice Python Leverages Gen AI for finding subdomains by brute force using semantic understanding from target domain


Technologies Uses
Kubernetes Container Orchestration System for managing containers
Docker A tool for packaging your application and its dependecies into an image that can be run as a container
Helm A dependency management tool for kubernetes environment.
Github Actions Used for setting up CI/CD to improve developement time.
Open Telemetry A standard for telemetry data.
Jaeger Used for handling metrics that comes from Open Telemetry.
Prometheus Responsible for storing service insights in a time series format
Google Gemini A cutting-edge LLM to generate subdomains based on sematic understanding.
gRPC A RPC framework for service-to-service communication used in microservices.
Protocol Buffer A serialization format used by gRPC to exchange data over HTTP 2.0 protocol.
Fluent Bit A log and metrics processor which serves as a cluster-level log collector agent.
Elastic Search A logging backend.
Kibana A data visualization dashboard for Elastic-search.
AWS CDK Used for AWS Infra Stack provisioning

License

Copyright 2024 Subdomain Enumeration Tool

Licensed under the Apache License.
See LICENSE.md for more information.


Contributors ✨


Star History

Truly grateful for your support 💖

Happy Hacking!