Subdomain Enumeration

SecurityTrails API™

API providing historical & current DNS, WHOIS, and domain intelligence data.

SecurityTrails API

API platform providing historical DNS, WHOIS, and IP data for security research.

S4E CTEM & EASM Platform

AI-powered CTEM & EASM platform for website vulnerability scanning.

Cylana EASM

AI-powered EASM platform for digital asset discovery and monitoring.

Galileo Security

Exposure management platform for asset discovery, risk prioritization & remediation.

Astra Website Scanner

Dynamic web app & API vulnerability scanner with free and paid tiers.

Ceeyu Digital Footprint Monitoring

Automated digital asset discovery and monitoring for external attack surface

Black Hills Information Security DNS Triage

DNS reconnaissance tool checking DNS records, subdomains, and third-party svcs

Bishop Fox Attack Surface Discovery

Continuous external attack surface discovery and asset validation service

Assetnote Attack Surface Management Tool

ASM platform that scans external attack surfaces hourly for vulnerabilities

Intruder Discover Attack Surface

Attack surface management platform for discovering and securing exposed assets

Halo Security Attack Surface Discovery

Discovers and inventories internet-facing assets including subdomains, IPs, and apps.

Detectify Surface Monitoring

Monitors internet-facing subdomains for vulnerabilities and misconfigurations

Detectify Platform

Platform for external attack surface management and application security testing

Aikido DAST Scanner

DAST scanner that identifies web app vulnerabilities and attack surfaces

Findomain

A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.

CloudJack

Assesses AWS accounts for subdomain hijacking via Route53/CloudFront

Habu Hacking Toolkit

A Python-based network hacking toolkit that implements various attack and reconnaissance techniques for educational purposes and network security learning.

takeover

A tool for testing subdomain takeover possibilities at a mass scale.

second-order

Second-order subdomain takeover scanner

HostileSubBruteforcer

A tool for bruteforcing subdomains of a given domain

tko-subs

A tool for detecting and taking over subdomains with dead DNS records

cnames

A tool for taking a list of resolved subdomains and outputting any corresponding CNAMES en masse.

Can I take over XYZ?

A list of services and how to claim (sub)domains with dangling DNS records.