Questions about the Subdomain Finder API

The things developers ask before wiring up the Subdomain Finder API — what it returns, what it covers, and where the limits are. Straight answers, no fluff.

Everything you asked

Still stuck on something specific? The team answers real integration questions directly.

Contact support
How are subdomains discovered?
We use multiple techniques including certificate transparency logs, DNS enumeration, and public data sources to find subdomains.
Is this legal to use?
Yes, subdomain discovery uses publicly available information. Always ensure you have authorization before using results for security testing.
Are all subdomains found?
We find publicly discoverable subdomains. Internal-only or very new subdomains may not appear if they haven't been indexed.
How current is the data?
Results combine real-time lookups with cached data from certificate transparency and other sources, typically updated daily.
Can I use this for bug bounties?
Yes, subdomain enumeration is a common reconnaissance step. Ensure the program scope includes the subdomains you test.
What about wildcard subdomains?
We detect wildcard DNS configurations and note them. Wildcard domains respond to any subdomain query.

Answer the last question by building. Free tier, no card — run the Subdomain Finder API in minutes.

Scaling up?

Volume pricing, custom SLAs, and dedicated support for high-traffic teams.

Contact sales