Skip to content

Akira-KD/Subhunt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
subhunt
subhunt
 
 
tests
tests
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

SubHunt

A fast, multi-threaded OSINT subdomain enumeration tool written in Python. SubHunt performs DNS resolution to discover subdomains and optionally verifies their HTTP/HTTPS status.

Table of Contents

Features

  • Fast DNS Resolution: Uses multi-threading to resolve subdomains concurrently.
  • HTTP/HTTPS Verification: Optional status checking; tries HTTPS first (if port 443 is reachable), then falls back to HTTP.
  • Subdomain Permutation: Generate permutations using wordlist entries (e.g., api-admin, api.admin).
  • Safety Limits: Built-in permutation limit to prevent accidental memory bloat; use --force-permute to override.
  • Verbose Logging: Debug output via -v flag.
  • File Output: Save results to a file with -o.
  • Bundled Wordlist: Includes a curated list of common subdomains; bring your own with -w.

Installation

From source (editable install)

git clone https://github.com/Akira-KD/subhunt.git
cd subhunt
pip install -e .

From package (once released)

pip install subhunt

Usage

Basic scanning

Scan for common subdomains using the bundled wordlist:

subhunt example.com

With HTTP verification

Check HTTP/HTTPS status for resolved subdomains:

subhunt example.com --verify-http

Permutation mode

Generate subdomain permutations (e.g., api-admin, api.admin):

subhunt example.com --permute

⚠️ Warning: Permutations multiply wordlist size. For example, a 46-word list generates 46 × 45 = 2,070 permutations. Use --max-permutations to set a safety limit (default: 10,000). Force override with --force-permute if needed.

Custom wordlist

Use a custom wordlist:

subhunt example.com -w /path/to/wordlist.txt

Output to file

Save results:

subhunt example.com --verify-http -o results.txt

Advanced options

Adjust thread count and request delay:

subhunt example.com -t 20 --delay 0.5

Options

usage: subhunt [-h] [-w WORDLIST] [-t THREADS] [--permute]
                [--max-permutations MAX_PERMUTATIONS] [--force-permute]
                [--delay DELAY] [-o OUTPUT] [-v] [--verify-http]
                domain

positional arguments:
  domain                        Target domain

optional arguments:
  -h, --help                    Show this help message and exit
  -w, --wordlist WORDLIST       Path to wordlist file (default: bundled)
  -t, --threads THREADS         Number of threads (default: 10)
  --permute                     Enable subdomain permutations
  --max-permutations INT        Maximum allowed permutations (default: 10000)
  --force-permute               Force generating permutations beyond limit
  --delay DELAY                 Delay between requests in seconds (default: 0.0)
  -o, --output OUTPUT           Save results to file
  -v, --verbose                 Enable verbose logging
  --verify-http                 Verify HTTP/HTTPS status

Development

Setup

pip install -r requirements-dev.txt

Running tests

pytest

Running lint

ruff check .

License

This project is licensed under the MIT License. See LICENSE file for details.

About

A fast, multi-threaded OSINT subdomain enumeration tool written in Python. SubHunt performs DNS resolution to discover subdomains and optionally verifies their HTTP/HTTPS status.

Topics

osint osint-python osint-tool subhunter

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages