Awesome Open Source
Awesome Open Source

Horn3t - Better Subdomain Reconnaissance

  • Recon your targets at blazing speed
  • Enhance your productivity by focusing on interesting looking sites
  • Enumerate critical sites immediately
  • Sting your target

Horn3t is your Nr #1 tool for exploring subdomains visually.
Building on the great Sublist3r framework (or extensible with your favorite one) it searches for subdomains and generates awesome picture previews. Get a fast overview of your target with http status codes, add custom found subdomains and directly access found urls with one click.

demo preview


  • Install Google Chrome
  • Install requirements.txt with pip3
  • Install requirements.txt of sublist3r with pip3
  • Put the directory within the web server of your choice
  • Make sure to have the right permissions
  • Run

Or alternatively use the file with docker.
Afterwards you can access the web portal under http://localhost:1337


  • Better Scaling on Firefox
  • Add Windows Dockerfile
  • Direkt Nmap Support per click on a subdomain
  • Direkt Dirb Support per click on a subdomain
  • Generate PDF Reports of found subdomains
  • Assist with subdomain takeover


Horn3t is licensed under the GNU GPL license. take a look at the LICENSE for more information.

Respect legal restrictions and only conduct testing against infrastructure that you have permission to target.


  • aboul3la - The creator of Sublist3r; turbolist3r adds some features but is otherwise a near clone of sublist3r.
  • TheRook - The bruteforce module was based on his script subbrute.
  • bitquark - The Subbrute's wordlist was based on his research dnspop.

Tested on Windows 10 and Debian with Google Chrome/Chromium 73

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Selenium (3,093
Security Tools (1,752
Pentesting (1,388
Selenium Webdriver (1,094
Penetration Testing (840
Security Audit (399
Enumeration (369
Web Security (241
Subdomain Scanner (97
Subdomain Enumeration (88
Subdomain Takeover (36
Subdomain Bruteforcing (16
Sublist3r (10
Subdomainsbrute (4
Related Projects