If you're into serious subdomain enumeration and tired of hitting the same limits with Subfinder, Assetfinder, and the usual OSINT suspects β let me introduce you to SubFors, an open-source beast designed for extreme recon and smart discovery
- Here's a quick comparison showing how SubFors stacks up against other tools:
π Feature Comparison:
| Feature | SubFors β | Subfinder β | Assetfinder β |
|---|---|---|---|
| API Integrations | β (VT, DNS) | β | β |
| Multi-Engine Search | β (11 engines) | β (8 engines) | β |
| CT Logs Support | β | β | β |
| Web Archive Analysis | β (Wayback etc) | β | β |
| JS File Analysis | β | β | β |
| CAPTCHA/WAF Bypass | β Smart Bypass | β | β |
| Smart Brute Force | β | β | β |
| Rate Limit Handling | β Auto-Detect | β | β |
| Bulk Domains Support | β | β | β |
| FavIcon Hashing | β | β | β |
| WAF/CDN Detection | β | β | β |
| Multiple Output Formats | β JSON/TXT/XML | β TXT/JSON | β TXT |
| Speed | β Ultra Fast | Moderate | Basic |
π§ Why It's Different:
Uses 11 different data sources + APIs
Detects CAPTCHA & WAFs β and bypasses them
Scans JS files, headers, source code, even favicon hashes
Built-in brute-force with smart evasion
Web archive scraping for deep legacy subs
Auto-detects rate limits and adapts
Output is clean, exportable in JSON/XML/TXT
Designed for automation and serious bug bounty recon
π Try It:
π οΈ GitHub: https://github.com/saad-ayady/SubFors
π Web Docs & Demo: https://saad-ayady.github.io/SubFors_WebSite
β οΈ This isnβt another clone β itβs a full-blown intelligent recon engine.
Give it a shot. Test it on a big scope. Compare results.
And if you like it? A β on GitHub and feedback would mean the world π
Top comments (0)