git404hub

what is subfinder fr?

projectdiscovery/subfinder — explained in plain English

Analysis updated 2026-06-24

13,617GoAudience · ops devopsComplexity · 2/5Setup · easy

tl;dr

Subfinder is a fast command-line tool that discovers subdomains of a target domain by querying public internet sources like certificate logs and DNS records, without sending any traffic to the target itself.

vibe map

mindmap
  root((subfinder))
    What It Does
      Subdomain discovery
      Passive scanning
      No target footprint
    Data Sources
      Certificate logs
      DNS datasets
      API key sources
    Output Options
      Terminal output
      File output
      JSON format
    Use Cases
      Penetration testing
      Bug bounty recon
      Security automation

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Map all subdomains of a target domain during an authorized penetration test or bug bounty assessment.

VIBE 2

Feed a subdomain list into other security tools as the first step in a reconnaissance workflow.

VIBE 3

Use subfinder as a Go library inside your own security automation program to enumerate subdomains without spawning a subprocess.

what's the stack?

Go

how it stacks up fr

projectdiscovery/subfindercasdoor/casdoorsemaphoreui/semaphore
Stars13,61713,60413,597
LanguageGoGoGo
Setup difficultyeasymoderateeasy
Complexity2/54/53/5
Audienceops devopsops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Works immediately for free public sources, optional API keys from third-party services unlock more complete subdomain data.

Open source, specific license terms are not described in the repository explanation.

in plain english

Subfinder is a command-line tool that discovers subdomains of a website by querying public internet sources rather than actively probing or scanning the target. For example, if you give it "example.com", it searches certificate transparency logs, DNS datasets, and other public records to build a list of subdomains like "api.example.com" or "mail.example.com" that actually exist. Because it works passively and does not send requests directly to the target, it is fast and leaves no footprint on the system being researched. The tool is built for two main groups: security testers assessing a target with permission, and bug bounty hunters mapping the attack surface of a program they are authorized to research. Finding subdomains is typically one of the first steps in both cases, because each subdomain can be a separate service with its own vulnerabilities. Subfinder pulls data from many different online sources at once. Some of those sources are free and need no configuration, others require an API key that you obtain yourself from third-party services and add to a config file. More sources generally means more complete results, but the tool works out of the box without any API keys for the free sources. Results can be printed to the terminal, written to a file, or formatted as JSON, making it straightforward to feed the output into other tools in a security testing workflow. The project also ships as a Go library, so developers can call subfinder from their own programs without running it as a separate process. The project is maintained by ProjectDiscovery and is open source. A usage disclaimer is included in the repository noting that the tool should only be used on systems you are authorized to test.

prompts (copy fr)

prompt 1
I'm doing a bug bounty on a target domain. Show me the subfinder command to enumerate all subdomains and save results to a file for further testing.
prompt 2
Help me configure subfinder with API keys for additional data sources to get more complete subdomain results than the free sources alone.
prompt 3
I want to pipe subfinder output directly into another recon tool. Show me the command to output JSON and use it in a pipeline.
prompt 4
How do I use subfinder as a Go library in my own program to enumerate subdomains programmatically instead of calling it as a CLI?

Frequently asked questions

what is subfinder fr?

Subfinder is a fast command-line tool that discovers subdomains of a target domain by querying public internet sources like certificate logs and DNS records, without sending any traffic to the target itself.

What language is subfinder written in?

Mainly Go. The stack also includes Go.

What license does subfinder use?

Open source, specific license terms are not described in the repository explanation.

How hard is subfinder to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is subfinder for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.