Subduer is a tool for passive reconnaissance, focusing on discovering subdomains for a given domain. It uses Playwright to scrape data from several online providers and generates wordlists and reports in .csv and .json formats.
bash install.sh
python3 subduer.py <domain> # Scanning a domain
python3 subduer.py <domain> --report # Scanning a domain and saving the reportsSubduer saves reports in following formats:
subdomains_report_subduer_example.com.csv- CSV reportsubdomains_report_subduer_example.com.json- JSON reportsubdomains_report_subduer_example.com.txt- Newline separated wordlist
The tool is pretty fast as it asynchronously runs collectors.
- When collector fails to retrieve the subdomains, it retries.
- If you abuse the service and get captcha, it is yours to solve in the opened Playwright browser. After solving the captcha, the tool will retry.
- If a source fails after specified amount of retries, the subduer will simply ignore that source and continue execution.