A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
Alternatives To Subdomainizer
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
4 days ago125mitGo
Protect and discover secrets using Gitleaks 🔑
Trufflehog11,287622 days ago42April 28, 2021123agpl-3.0Go
Find and verify credentials
10 hours ago122otherTypeScript
♾ Infisical is an open-source, end-to-end encrypted platform for secret management: sync secrets across your team/infrastructure and prevent secret leaks.
4416 days ago43June 26, 20206apache-2.0Swift
Valet lets you securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It’s easy. We promise.
4 months ago14February 25, 202136mitJavaScript
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories:
Git Secret3,229
2 days ago2May 06, 202188mitShell
:busts_in_silhouette: A bash-tool to store your private data inside a git repository.
2 days ago30April 26, 202218mitGo
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
Bank Vaults1,854162 days ago71April 05, 2022230apache-2.0Go
A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.
6 days ago2mitPython
A tool to find subdomains and interesting things hidden inside, external Javascript files of page, folder, and Github.
C Jwt Cracker1,333
2 years ago10mitC
JWT brute force cracker written in C
Alternatives To Subdomainizer
Select To Compare

Alternative Project Comparisons

Python 3.x Twitter

Buy Me A Coffee


SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL. This tool also finds S3 buckets, cloudfront URL's and more from those JS files which could be interesting like S3 bucket is open to read/write, or subdomain takeover and similar case for cloudfront. It also scans inside given folder which contains your files.

Cloud Storage Services Supported:

SubDomainizer can find URL's for following cloud storage services:

1. Amazon AWS services (cloudfront and S3 buckets)
2. Digitalocean spaces 
3. Microsoft Azure 
4. Google Cloud Services 
5. Dreamhost 
6. RackCDN. 

Secret Key's Searching: (beta)

SubDomainizer will also find secrets present in content of the page and javascripts files. Those secret finding depends on some specific keywords and Shannon Entropy formula. It might be possible that some secrets which searched by tool will be false positive. This secret key searching is in beta and later version might have increased accuracy for search results.




Installation Steps

  1. Clone SubDomainzer from git:
git clone
  1. Change the directory:
cd SubDomainizer
  1. Install the requirements:
pip3 install -r requirements.txt
  1. Enjoy the Tool.

Update to latest version:

Use following command to update to latest version:

git pull


Short Form Long Form Description
-u --url URL in which you want to find (sub)domains.
-l --listfile File which contain list of URL's needs to be scanned.
-o --output Output file name in which you need to save the results.
-c --cookie Cookies which needs to be sent with request.
-h --help show the help message and exit.
-cop --cloudop Give file name in which you need to store cloud services results.
-d --domains Give TLD (eg. for you have to give to find subdomain for given TLD seperated by comma (no spaces b/w comma).
-g --gitscan Needed if you want to get things via Github too.
-gt --gittoken Github API token is needed, if want to scan (also needed -g also).
-gop --gitsecretop Saving secrets to a file found in github.
-k --nossl Use this to bypass the verification of SSL certificate.
-f --folder Root folder which contains files/folder.
-san --subject_alt_name Find Subject Alternative Names for all found subdomains, Options: 'all', 'same'.

SAN options description:

  • all - This option will find all domains and subdomains.
  • same - This will only find subdomains for specific subdomains.


  • To list help about the tool:
python3 -h
  • To find subdomains, s3 buckets, and cloudfront URL's for given single URL:
python3 -u
  • To find subdomains from given list of URL (file given):
python3 -l list.txt
  • To save the results in (output.txt) file:
python3 -u -o output.txt
  • To give cookies:
python3 -u -c "test=1; test=2"
  • To scan via github:
python3 -u -o output.txt -gt <github_token> -g 
  • No SSL Certificate Verification:
python3 -u -o output.txt -gt <github_token> -g  -k
  • Folder Scanning:
python3 -f /path/to/root/folder/having/files/and/folders/  -d  -gt <github_token> -g  -k
  • Subject Alternative Names:
python3 -u https://www.example -san all
  • Saving secrets to a file scan found in github:
python3 -u -o output.txt -gt <github_token> -g -gop filename_to_save

Difference in results (with cookies and without cookies on

Results before using facebook cookies in SubDomainizer:


Results after using facebook cookies in SubDomainizer:



In the latest version (2.0) following important features are added:

  1. Find Subject Alternative Names for the found subdomains.
  2. Added where the secrets were found.


This tools is licensed under the MIT license. take a look at the LICENSE for information about it.

Want to Help?

Want to help if you like features and tools? or Liked this tool? Help Here

Popular Security Projects
Popular Secret Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Security Tools
S3 Bucket
Security Automation
Subdomain Scanner