DEV Community

arrester
arrester

Posted on • Edited on

SubSurfer

SubSurfer

SubSurfer is an open-source security tool designed for efficiently identifying subdomains and network subnets. It leverages both passive and active scanning techniques to uncover hidden subdomains of a target domain, providing valuable insights for security assessments and red team operations. The tool is well-suited for enhancing OSINT and attack surface analysis, offering automated data collection and powerful filtering options. Additionally, SubSurfer can be imported and used as a Python module, allowing for seamless integration into custom scripts and applications.

Image description

🌟 Features

Red Team/Bug Bounty Support: Useful for both red team operations and web bug bounty projects
High-Performance Scanning: Fast subdomain enumeration using asynchronous and parallel processing
Port Scanning: Expand asset scanning range with customizable port selection
Web Service Identification: Gather environmental details such as web servers and technology stacks
Pipeline Integration: Supports integration with other tools using -pipeweb and -pipesub options
Modular Design: Can be imported and used as a Python module
Continuous Updates: - Continuous Updates: New passive/active modules will continue to be added

🚀 Installation

bash
git clone https://github.com/arrester/subsurfer.git
cd subsurfer

or

Python
pip install subsurfer

Homepage

GitHub: https://github.com/arrester/SubSurfer
PyPi: https://pypi.org/project/subsurfer/

If you find the tool useful, please give it a GitHub Star.

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs