A sub-domain enumeration tool.
Written in python3.

Special thanks to tools like certspotter, sublist3r, and crt.sh. Without tools like these, subseeker.py would not be what it is.
Special thanks to NahamSec's recon videos. You can go to his github for the certspotter command and many more knowledgable things

You can find these below:
Sublist3r: https://github.com/aboul3la/Sublist3r
Crtsh: https://crt.sh/
Certspotter: https://sslmate.com/certspotter/

Subseeker is a sub-domain enumeration tool. The tool simply iterates the recon process for finding subdomains from a target domain. Using tools like certspotter and sublister, subseeker can parse the output of these files for subdomain keywords. From there, those subdomain keywords can be used to individually parse https://crt.sh for subdomains. Using concurrency, (as shown in the examples) this can iterate a huge number of subdomain keywords in minutes, returning thousands of results. The results are then parsed through a python set, so duplicates are removed. Subseeker can also parse crt.sh individually, as if one were using the actual website.

Python 3.x

Python Modules
sys
re
platform
requests
argparse
concurrent.futures
subprocess
termcolor

git clone https://github.com/DFC302/subseeker.git
chmod 755 subseeker/subseeker.py

usage: subseeker.py [-h] [-d DOMAIN] [-f FILE] [-o OUT] [-H HEADER] [-v] [-S]
          [-t THREADS]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Specify domain to search.
  -f FILE, --file FILE  Specify in file.
  -o OUT, --out OUT     Specify file to write results too.
  -H HEADER, --header HEADER
                        Specify header to use.
  -v, --verbose         Turn on verbose mode.
  -S, --searchsubs      Use regex to grab subdomains from domain.
  -t THREADS, --threads THREADS
                        Number of threads.

subseeker.py single-search mode
Description: Search any variation of wildcard through crt.sh.
usage: ./subseeker.py -d [search format][domain]
EX: ./subseeker.py -d *.example.com

OPTIONAL ARGUMENTS:
-o Choose to send results to an output file.

subseeker.py multi-search mode
Description: Search subdomain keywords through crt.sh.
Note: keywords are processed like so: *[keyword]*.[domain]
Note: keywords should be written to file with each keyword on a new line, like so:

dev
test
ops
mail

usage: ./subseeker.py -d [domain] -f [file containing subdomain keywords]
EX: ./subseeker.py -d example.com -f domain_keywords.txt

OPTIONAL ARGUMENTS:
-H Choose a different header, default is Firefox.
-t Choose number of threads.
-v Verbose mode.
-o Choose to send results to an output file.

The keywords.txt file is a file that is provided, that can be used with multi-search mode.

subseeker.py parse sub domain keywords
Description: Parse through sublister, certspotter, etc. text outputs for sub domain keywords.
Note: If using sublist3r, use sublist3r's option [-o] to send results to outfile. Subseeker.py is designed to parse from a text file. Using standard redirection ">",">>", copies ANSI color codes, which will conflict with parsing.
subseeker.py -S -d [domain] -f [file contaning output from certspotter, sublister, etc. results]
EX: ./subseeker.py -S -d example.com -f certspotter_results.txt

OPTIONAL ARGUMENTS:
-o Choose to send results to an output file.

Single-Search Mode

Multi-Search Mode (Default threads)

Multi-Search Mode (50 threads)

Coded by Matthew Greer
Twitter: https://twitter.com/Vail__
Email: [email protected]
Tested on Linux only