Subdomain Finder

Map Your Full Attack Surface

Discover hidden subdomains and expanding your attack surface is the first step in any security assessment. Our Subdomain Finder aggregates data from multiple passive sources including certificate transparency logs, search engines, and historical DNS records to find assets that others miss.

Try Subdomain Finder Documentation

Sources:Crt.sh, HackerTarget, AlienVault, RapidDNS

Method:Passive Enumeration + Active Resolution

Speed:< 5 seconds average

reseac subfinder

> rasec subfinder -d example.com --active

[+] Target: example.com

[+] Sources: crt.sh, hackertarget, alienvault, rapiddns

[INF] Found 14 unique subdomains

[INF] Resolving IP addresses...

[+] admin.example.com [104.21.5.1] (Cloudflare)

[+] dev.example.com [10.0.0.5] (Private IP)

[+] api.example.com [34.201.12.55] (AWS)

[+] staging.example.com [172.16.5.99]

[+] test.example.com [Timed Out]

[INF] Enumeration complete in 2.4s

Key Features

Multi-Source Intelligence

Aggregates data from Crt.sh, HackerTarget, AlienVault, and RapidDNS for maximum coverage.

Live Discovery

Automatically resolves found subdomains to filter out dead hosts and identify active targets.

IP Resolution

Maps subdomains to IP addresses to help you identify hosting providers and potential takeovers.

Ready to try Subdomain Finder?

Start using this tool in seconds. No credit card required.

Launch Subdomain Finder

All Tools Try Live Demo