Top Related Projects
Fast passive subdomain enumeration tool.
In-depth attack surface mapping and asset discovery
Fast subdomains enumeration tool for penetration testers
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Quick Overview
Assetfinder is a command-line tool designed to discover subdomains and related assets for a given domain. It uses various sources and techniques to find associated domain names, making it useful for reconnaissance in security testing and bug bounty hunting.
Pros
- Fast and efficient subdomain discovery
- Utilizes multiple sources for comprehensive results
- Easy to use with a simple command-line interface
- Can be easily integrated into other tools and workflows
Cons
- Limited configuration options
- May produce false positives or outdated results
- Depends on external sources, which may change or become unavailable
- No built-in filtering or validation of results
Getting Started
To install and use Assetfinder:
- Install Go if not already installed
- Run the following command to install Assetfinder:
go install github.com/tomnomnom/assetfinder@latest
- Use Assetfinder to find subdomains:
assetfinder example.com
This will output a list of discovered subdomains for example.com.
For more advanced usage, you can pipe the results to other tools or use it in shell scripts:
assetfinder example.com | grep example.com > subdomains.txt
This command will find subdomains, filter for those containing "example.com", and save the results to a file named "subdomains.txt".
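The `grep example.com` filter above is a loose match: the dot matches any character, the pattern is unanchored and case-sensitive, and duplicates pass through. The following is an added example, not part of assetfinder or its README, of a stricter scope filter for the same pipeline. The helper names `in_scope` and `sample_output` are hypothetical, and the hostnames are constructed sample data.

```shell
#!/bin/sh
# Added example: keep only names that are the apex domain or a true subdomain of it.
# in_scope is a hypothetical helper, not an assetfinder feature.
in_scope() {
    # $1 = apex domain; stdin = one candidate hostname per line
    awk -v apex="$1" '
    BEGIN { apex = tolower(apex); suffix = "." apex }
    {
        host = tolower($0)
        gsub(/^[ \t]+|[ \t\r]+$/, "", host)  # trim whitespace and stray CR
        sub(/^\*\./, "", host)                 # wildcard certificate entries
        sub(/\.$/, "", host)                   # trailing root dot
        if (host == "") next
        if (host !~ /^[a-z0-9._-]+$/) next     # drop anything that is not a hostname
        n = length(host); s = length(suffix)
        # exact apex, or ends with ".apex" (label-boundary suffix match)
        if (host == apex || (n > s && substr(host, n - s + 1) == suffix)) {
            if (!(host in seen)) { seen[host] = 1; print host }
        }
    }'
}

# Constructed sample of what a passive source might return for example.com.
sample_output() {
    cat <<'EOF'
www.example.com
API.Example.com
*.dev.example.com
example.com
notexample.com
example.com.other.test
www.example.com
examplexcom.net
EOF
}

# Loose filter from the text: 7 lines, 3 of them out of scope, 1 duplicate.
# Strict filter: 4 unique in-scope names.
sample_output | in_scope example.com
```

In a real run, replace `sample_output` with `assetfinder example.com` and redirect the result to `subdomains.txt`.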
Competitor Comparisons
Fast passive subdomain enumeration tool.
Pros of subfinder
- More comprehensive subdomain enumeration with multiple sources and techniques
- Actively maintained with frequent updates and new features
- Supports concurrent execution for faster results
Cons of subfinder
- More complex setup and configuration compared to assetfinder
- Requires API keys for some sources, which may not be readily available
- Potentially slower for quick, basic subdomain discovery tasks
Code comparison
assetfinder:
func main() {
    for _, domain := range getStdin() {
        for _, subdomain := range find(domain) {
            fmt.Println(subdomain)
        }
    }
}
subfinder:
func (r *Runner) EnumerateSubdomains(domain string, output io.Writer, appendToFile bool) error {
    results := r.passiveAgent.EnumerateSubdomains(domain, r.options.Timeout)
    for result := range results {
        fmt.Fprintf(output, "%s\n", result)
    }
    return nil
}
Both tools are written in Go and focus on subdomain enumeration. assetfinder has a simpler implementation, while subfinder offers more advanced features and customization options. assetfinder is easier to use for quick tasks, while subfinder provides more comprehensive results at the cost of increased complexity.
In-depth attack surface mapping and asset discovery
Pros of Amass
- More comprehensive subdomain enumeration with multiple data sources and techniques
- Advanced features like DNS resolution, port scanning, and certificate transparency checks
- Active community and regular updates
Cons of Amass
- Steeper learning curve due to more complex configuration options
- Slower execution time for extensive scans compared to Assetfinder
- Higher resource consumption, especially for large-scale enumeration
Code Comparison
Assetfinder (simple usage):
assetfinder example.com
Amass (basic enumeration):
amass enum -d example.com
Amass (advanced usage with multiple techniques):
amass enum -active -brute -d example.com -o output.txt
While Assetfinder focuses on quick and straightforward subdomain discovery, Amass offers a more comprehensive approach with additional features and customization options. Assetfinder is ideal for rapid reconnaissance, whereas Amass is better suited for in-depth asset discovery and enumeration in larger-scale security assessments.
Fast subdomains enumeration tool for penetration testers
Pros of Sublist3r
- Supports multiple search engines and APIs for subdomain enumeration
- Includes a built-in DNS resolver for discovered subdomains
- Offers both command-line and Python module usage options
Cons of Sublist3r
- Less actively maintained compared to Assetfinder
- May be slower due to its reliance on multiple search engines
- Requires additional Python dependencies to be installed
Code Comparison
Assetfinder (Go):
func main() {
    for _, domain := range getStdin() {
        for _, subdomain := range find(domain) {
            fmt.Println(subdomain)
        }
    }
}
Sublist3r (Python):
def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, engines):
    bruteforce_list = []
    subdomains = []
    search_list = set()
    if is_windows():
        subdomains = sublist3r.main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, engines)
Both tools aim to discover subdomains, but they differ in implementation and features. Assetfinder is written in Go and focuses on speed and simplicity, while Sublist3r is a Python-based tool with more comprehensive subdomain enumeration capabilities. Assetfinder is generally faster and easier to use, while Sublist3r offers more advanced features and flexibility.
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
Pros of gau
- Fetches URLs from multiple sources (Wayback Machine, AlienVault OTX, Common Crawl)
- Supports custom output formats and filtering options
- Can handle multiple domains simultaneously
Cons of gau
- May produce more false positives due to its broader data sources
- Potentially slower due to querying multiple APIs
- Requires additional configuration for optimal results
Code Comparison
assetfinder:
assetfinder example.com
gau:
gau example.com
Key Differences
assetfinder focuses on finding subdomains and related domains, while gau retrieves historical and live URLs associated with a domain. assetfinder is generally faster and produces more focused results, but gau offers a broader range of data sources and more customization options.
Use Cases
assetfinder is ideal for quick subdomain enumeration and initial reconnaissance. gau is better suited for comprehensive URL discovery, including historical data and potentially hidden endpoints.
Performance
assetfinder typically runs faster and consumes fewer resources, making it suitable for quick scans. gau may take longer to execute but provides a more extensive dataset, which can be valuable for in-depth analysis.
Integration
Both tools can be easily integrated into larger workflows and scripts. However, gau's additional features and output options may require more setup and post-processing to fully utilize its capabilities.
Simple, fast web crawler designed for easy, quick discovery of endpoints and assets within a web application
Pros of hakrawler
- Performs web crawling and content discovery, not just subdomain enumeration
- Can extract URLs from JavaScript files and other web content
- Supports custom headers and cookies for authenticated crawling
Cons of hakrawler
- May be slower for large-scale subdomain enumeration tasks
- Requires more configuration and setup for optimal use
- Can potentially generate more noise in results due to its crawling nature
Code Comparison
assetfinder:
for _, source := range sources {
    for result := range source.ProcessDomain(domain) {
        fmt.Println(result)
    }
}
hakrawler:
c := colly.NewCollector(
    colly.MaxDepth(depth),
    colly.URLFilters(regexp.MustCompile(domain)),
)
c.OnHTML("a[href]", func(e *colly.HTMLElement) {
    link := e.Attr("href")
    c.Visit(e.Request.AbsoluteURL(link))
})
Summary
While assetfinder focuses on efficient subdomain enumeration from various sources, hakrawler offers a more comprehensive web crawling approach. assetfinder is generally faster and more straightforward for subdomain discovery, while hakrawler provides deeper content exploration and URL extraction capabilities. The choice between the two depends on the specific requirements of the security assessment or reconnaissance task at hand.
README
assetfinder
Find domains and subdomains potentially related to a given domain.
Install
If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):
go get -u github.com/tomnomnom/assetfinder
Otherwise download a release for your platform.
To make it easier to execute you can put the binary in your $PATH.
Usage
assetfinder [--subs-only] <domain>
Sources
Please feel free to issue pull requests with new sources! :)
Implemented
- crt.sh
- certspotter
- hackertarget
- threatcrowd
- wayback machine
- dns.bufferover.run
- facebook
  - Needs FB_APP_ID and FB_APP_SECRET environment variables set (https://developers.facebook.com/)
  - You need to be careful with your app's rate limits
- virustotal
  - Needs VT_API_KEY environment variable set (https://developers.virustotal.com/reference)
- findsubdomains
  - Needs SPYSE_API_TOKEN environment variable set (the free version always gives the first response page, and you also get "25 unlimited requests") (https://spyse.com/apidocs)
Sources to be implemented
- http://api.passivetotal.org/api/docs/
- https://community.riskiq.com/ (?)
- https://riddler.io/
- http://www.dnsdb.org/
- https://certdb.com/api-documentation
TODO
- Flags to control which sources are used
- Likely to be all on by default and a flag to disable
- Read domains from stdin