Search Results for "subdomain"
Sort By:
Showing 53 open source projects for "subdomain"
View related business solutions-
Auth0 B2B Essentials: SSO, MFA, and RBAC Built InAuth0's B2B Essentials plan gives you everything you need to ship secure multi-tenant apps. Unlimited orgs, enterprise SSO, RBAC, audit log streaming, and higher auth and API limits included. Add on M2M tokens, enterprise MFA, or additional SSO connections as you scale.
-
Catch Bugs Before Your Customers DoMove from alert to fix before users notice. AppSignal monitors errors, performance bottlenecks, host health, and uptime—all from one dashboard. Instant notifications on deployments, anomaly triggers for memory spikes or error surges, and seamless log management. Works out of the box with Rails, Django, Express, Phoenix, Next.js, and dozens more. Starts at $23/month with no hidden fees.
-
1
Scope Sentry
Cyberspace asset mapping and vulnerability scanning platform
...It helps security researchers and penetration testers discover, monitor, and analyze internet-facing assets belonging to a target scope. ScopeSentry combines multiple reconnaissance and vulnerability assessment capabilities such as subdomain enumeration, port scanning, directory scanning, and sensitive information detection. ScopeSentry can automatically identify assets and services, extract URLs, and crawl websites to collect useful security data for further analysis. It also includes vulnerability scanning and subdomain takeover detection to help identify common security weaknesses across web infrastructure. ... -
2
subfinder
Fast passive subdomain enumeration tool
Subfinder is a high-performance passive subdomain discovery tool built for fast and reliable asset enumeration. It focuses exclusively on collecting valid subdomains from a wide range of passive online sources, prioritizing accuracy and speed over intrusive scanning techniques. The project is widely used in bug bounty hunting, penetration testing, and attack surface mapping because it minimizes noise while producing actionable results. -
3
subjack
Subdomain Takeover tool written in Go
...This script parses and greps through the dump for desired CNAME records and makes a large list of subdomains to check with subjack if they're vulnerable to Hostile Subdomain Takeover. Of course, this isn't the only method to get a large amount of data to test. -
4
Exoframe
A self-hosted tool that allows simple one-command deployment
Exoframe is a self-hosted tool that allows simple one-command deployments using Docker. Simple function deployments. Multiple deployment endpoints and multi-user support. Simple update procedure for client, server and Traefik. Optional automatic subdomain assignment (i.e. every deployment gets its own subdomain). Swarm mode deployments. Complex recipes support (i.e. deploy complex systems in one command). -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
5
Th3inspector
Best Tool For Information Gathering
...It exposes a single command-line entrypoint (Th3inspector.pl) with many switches for common reconnaissance tasks — examples include website info, whois, MX lookup, geo-IP, subdomain discovery, CMS detection, port scanning, and Cloudflare real-IP resolution — so a user can chain many checks from one script. The project provides simple install wrappers for Linux, Android/Termux and even instructions for Windows (Perl + CPAN modules), and includes helper scripts to update or install dependencies automatically. ... -
6
Findomain
Fast open source tool for discovering and monitoring domain subdomains
Findomain is an open source reconnaissance tool designed to discover and enumerate subdomains associated with a target domain. It focuses on speed and reliability by using Certificate Transparency logs and multiple well tested public APIs instead of relying solely on brute force scanning techniques. By querying multiple passive data sources in parallel, the tool can identify a large number of subdomains within a short time, making it useful for security researchers, penetration testers, and... -
7
X-osint
Open source OSINT tool for gathering data on emails, phones, and IPs
...It provides investigators and researchers with a centralized interface for running information-gathering tasks that would normally require multiple separate tools. X-osint can also perform domain-related reconnaissance activities such as subdomain enumeration, DNS lookups, and host discovery to help identify infrastructure associated with a target. In addition to network and domain intelligence, it includes features for extracting metadata from files or images and analyzing text content to uncover hidden details. X-osint is written primarily in Python and is designed to run in terminal environments, particularly on Linux systems and Termux setups. -
8
Raccoon
High-performance reconnaissance and vulnerability scanning tool
...The tool combines multiple scanning techniques into a single workflow, helping users identify potential weaknesses, exposed services, and accessible resources on a target host. Raccoon can perform DNS enumeration, subdomain discovery, and URL fuzzing to uncover hidden endpoints and infrastructure components. It also integrates network scanning capabilities through tools such as Nmap to detect open ports, services, and potential vulnerabilities. By consolidating these reconnaissance tasks into a single command-line interface, Raccoon aims to streamline the early phases of security testing and provide actionable information for further investigation. -
9
pgrok
HTTP/TCP reverse tunnel solution through SSH remote port forwarding
...This is intended for small teams that need to expose the local development environment to the public internet, and you need to bring your own domain name and SSO provider. It gives a stable subdomain for every user and gated by your SSO through the OIDC protocol. Think of this as a bare-bones alternative to the ngrok's $65/user/month enterprise tier. Trying to put this behind a production system will blow up your SLA. For individuals and production systems, just buy ngrok, it is still my favorite. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
10
reconFTW
Automated framework for domain reconnaissance and vulnerability scans.
...The tool streamlines the reconnaissance phase of security assessments by orchestrating numerous specialized tools to gather intelligence about a target domain. It performs multiple discovery and analysis tasks such as subdomain enumeration, OSINT collection, and vulnerability scanning in an automated workflow. The framework integrates many external security utilities and coordinates them to produce comprehensive reconnaissance results efficiently. Its modular design allows users to customize the process, enabling or disabling modules and adjusting settings according to their needs. reconFTW also provides configuration options for API keys, execution preferences, and tool paths through a dedicated configuration file. ... -
11
WordOps
Install and manage a high performance WordPress stack
An essential toolset that eases WordPress site and server administration. -
12
Gobuster
Directory/File, DNS and VHost busting tool written in Go
...This project is born out of the necessity to have something that didn't have a fat Java GUI (console FTW), something that did not do recursive brute force, something that allowed me to brute force folders and multiple extensions at once, something that compiled to native on multiple platforms, something that was faster than an interpreted script (such as Python), and something that didn't require a runtime. Provides several modes, like the classic directory brute-forcing mode, DNS subdomain brute-forcing mode, the mode that enumerates open S3 buckets and looks for existence and bucket listings, and the virtual host brute-forcing mode (not the same as DNS!). Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. ... -
13
frp
A Fast Reverse Proxy
frp stands for exactly what it is: a fast reverse proxy. It helps you expose a local server behind a NAT or firewall to the Internet. It is currently under development, but already supports TCP and UDP, as well as HTTP and HTTPS protocols where requests can be forwarded to internal services by domain name. It also has a P2P connect mode and many other nifty features. These include configuration files, environment variables, a dashboard that shows you frp's status and proxies' statistics... -
14
bifrost-gateway
A lightweight IPFS Gateway daemon backed by a remote data store
A lightweight IPFS Gateway daemon backed by a remote data store. bifrost-gateway provides a single binary daemon implementation of HTTP+Web Gateway Specs. All you need is a trustless gateway endpoint that supports verifiable response types. The minimum requirement is support for GET /ipfs/cid with application/vnd.ipld.raw (block by block). -
15
Bedrock
WordPress boilerplate with modern development tools
...Much of the philosophy behind Bedrock is inspired by the Twelve-Factor App methodology including the WordPress specific version. Bedrock is multisite network compatible, but needs the roots/multisite-url-fixer mu-plugin on subdomain installs to make sure admin URLs function properly. This plugin is not needed on subdirectory installs but will work well with them. Composer is used to manage dependencies. Bedrock considers any 3rd party library as a dependency including WordPress itself and any plugins. -
16
BBOT
The recursive internet scanner for hackers
BBOT is an advanced open-source reconnaissance automation framework designed to streamline large-scale OSINT and attack surface discovery workflows. It operates as a modular and recursive scanning tool that can enumerate subdomains, perform port scans, gather metadata, and collect web intelligence through a unified command-line interface. The project emphasizes extensibility, allowing users to create or integrate custom modules that expand the scope of reconnaissance tasks without modifying... -
17
sn0int
Semi-automatic OSINT framework and package manager
sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surfaces by semi-automatically processing public information and mapping the results in a unified format for follow-up investigations. sn0int is heavily inspired by recon-ng and maltego, but remains more flexible and is fully opensource. None of the investigations listed above are... -
18
ClawHost
Deploy OpenClaw with one click
...The platform includes a user-friendly web dashboard and REST API that let users select regions, manage servers, and configure SSH keys with minimal friction. ClawHost supports automatic domain and subdomain management through Cloudflare integration and uses services like Hetzner for cloud provisioning, making it scalable across geographies. With built-in billing support via integrations like Polar.sh, users can manage subscriptions and invoicing directly from the platform, enabling it to serve both personal projects and small business use cases. -
19
GOAD (Game of Active Directory)
game of active directory
GOAD (Gather Open Attack Data) is a security reconnaissance framework for collecting, enriching, and visualizing open-source intelligence (OSINT) around hosts, domains, and certificates. It automates queries to certificate transparency logs, passive DNS, subdomain enumeration, web endpoints, and other public threat feeds. The tool aggregates results into structured formats and can produce interactive graphs to highlight relationships between entities (e.g. domain → IP → cert → ASN). Analysts can filter, cluster, and explore these relationships to identify infrastructure patterns, potential subdomains, or attack surfaces. ... -
20
OWASP Maryam
Modular OSINT framework for automated open-source intelligence gatheri
Maryam is an open source intelligence (OSINT) framework designed to automate the process of gathering and analyzing publicly available information from the internet. It provides a modular environment that enables users to collect data from search engines, open data sources, and various online services for reconnaissance and investigative purposes. Written in Python, Maryam is built to provide a flexible and extensible framework for harvesting information quickly and efficiently from open... -
21
reNgine
Automated framework for web application reconnaissance and scanning
reNgine is an automated reconnaissance framework designed to simplify and enhance the process of gathering information about web applications during security assessments. It provides a streamlined workflow for penetration testers, bug bounty hunters, and security teams who need to perform reconnaissance efficiently and at scale. The platform integrates multiple open-source reconnaissance tools into a unified environment with a configurable scanning engine and an intuitive web interface.... -
22
MicroBurst
A collection of scripts for assessing Microsoft Azure security
MicroBurst is a PowerShell toolkit from NetSPI focused on assessing Microsoft Azure security by automating discovery, enumeration, and targeted auditing of cloud services and configurations. It bundles many functions to enumerate Azure resources (subscriptions, VMs, storage accounts, container registries, App Services and more), probe common misconfigurations, and harvest sensitive artifacts when available (for example storage blobs, keys, automation account credentials, and other... -
23
Grape
An opinionated framework for creating REST-like APIs in Ruby
Grape is a Ruby framework for building REST-like APIs with a focus on simplicity and convention. It provides a DSL for declaring endpoints, parameters, formats, and validation rules, making it easy to build consistent and documented APIs. Grape supports multiple content types (JSON, XML, etc.), versioning, error handling, and authentication hooks, which are crucial for maintaining long-lived APIs. It integrates well with frameworks like Rails or Sinatra but can also be used standalone for... -
24
FinalRecon
All-in-one Python web reconnaissance tool for fast target analysis
FinalRecon is an all-in-one web reconnaissance tool written in Python that helps security professionals gather information about a target website quickly and efficiently. It combines multiple reconnaissance techniques into a single command-line utility so users do not need to run several separate tools to collect similar data. FinalRecon focuses on providing a fast overview of a web target while maintaining accuracy in the collected results. It includes modules for gathering server... -
25
Adonis Core
The Node.js Framework highly focused on developer ergonomics
...To give your projects a head start, we pack many baseline features within the core of the framework. AdonisJS has a feature-rich routing layer with support for route groups, subdomain-based routing, and resource resources. Controllers are first-class citizens in AdonisJS. They help you remove the inline route handlers to dedicated controller files. Along with the standard body parser, the support for managing file uploads is baked into the framework core. The schema-based validator of AdonisJS provides you with both runtime validations and static type safety. ...
