How are subdomains discovered?
We use multiple techniques including certificate transparency logs, DNS enumeration, and public data sources to find subdomains.
Is this legal to use?
Yes, subdomain discovery uses publicly available information. Always ensure you have authorization before using results for security testing.
Are all subdomains found?
We find publicly discoverable subdomains. Internal-only or very new subdomains may not appear if they haven't been indexed.
How current is the data?
Results combine real-time lookups with cached data from certificate transparency and other sources, typically updated daily.
Can I use this for bug bounties?
Yes, subdomain enumeration is a common reconnaissance step. Ensure the program scope includes the subdomains you test.
What about wildcard subdomains?
We detect wildcard DNS configurations and note them. Wildcard domains respond to any subdomain query.