
Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way.
Features
For a recent time, Sudomy has these 13 features:
- Easy, light, fast, and powerful. A bash script is available by default in almost all Linux distributions. By using the bash script multiprocessing feature, all processors will be utilized optimally.
- Subdomain enumeration process can be achieved by using active method or passive method
- Active Method
- Sudomy utilizes Gobuster tools because of its highspeed performance in carrying out the DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contain around 3 million entries
- Passive Method
- By selecting good third-party sites, the enumeration process can be optimized. More results will be obtained with less time required. Sudomy can collect data from these well-curated 20 third-party sites:
https://dnsdumpster.com https://web.archive.org https://shodan.io https://virustotal.com https://crt.sh https://www.binaryedge.io https://securitytrails.com https://sslmate.com/certspotter https://censys.io https://threatminer.org http://dns.bufferover.run https://hackertarget.com https://www.threatcrowd.org https://riddler.io https://findsubdomains.com https://rapiddns.io/ https://otx.alienvault.com/ https://index.commoncrawl.org/ https://urlscan.io/
- By selecting good third-party sites, the enumeration process can be optimized. More results will be obtained with less time required. Sudomy can collect data from these well-curated 20 third-party sites:
- Active Method
- Test the list of collected subdomains and probe for working HTTP or https servers. This feature uses a third-party tool, httprobe.
- Subdomain availability test based on Ping Sweep and/or by getting HTTP status code.
- The ability to detect virtual host (several subdomains which resolve to single IP Address). Sudomy will resolve the collected subdomains to IP addresses, then classify them if several subdomains resolve to a single IP address. This feature will be very useful for the next penetration testing/bug bounty process. For instance, in port scanning, single IP address won’t be scanned repeatedly
- Performed port scanning from collected subdomains/virtualhosts IP Addresses
- Testing Subdomain TakeOver attack
- Taking Screenshots of subdomains
- Identify technologies on websites
- Data Collecting/Scraping open port from 3rd party (Default::Shodan), For right now just using Shodan [Future::Censys,Zoomeye]. More efficient and effective to collecting port from list ip on target [[ Subdomain > IP Resolver > Crawling > ASN & Open Port ]]
- Collecting Juicy URL & Extract URL Parameter ( Resource Default::WebArchive, CommonCrawl, UrlScanIO)
- Define the path for outputfile (specify an output file when completed)
- Report output in HTML & CSV format
How Sudomy Works
Sudomy is using cURL library in order to get the HTTP Response Body from third-party sites to then execute the regular expression to get subdomains. This process fully leverages multi processors, more subdomains will be collected with less time consumption.
Publication
- Sudomy: Information Gathering Tools for Subdomain Enumeration and Analysis - IOP Conference Series: Materials Science and Engineering, Volume 771, 2nd International Conference on Engineering and Applied Sciences (2nd InCEAS) 16 November 2019, Yogyakarta, Indonesia
User Guide
- Offline User Guide : Sudomy - Subdomain Enumeration and Analysis User Guide v1.0
- Online User Guide : Subdomain Enumeration and Analysis User Guide
Comparison
The following are the results of passive enumeration DNS testing of Sublist3r, Subfinder, and Sudomy. The domain that is used in this comparison is bugcrowd.com.
Author

- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Latest Articles
Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
Blog2022.10.12Vulnerability management with Wazuh open source XDR
Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky
Subscribe
0 Comments