SubRecon is a lightweight multi-source passive subdomain discovery tool designed for security researchers and asset inventory workflows. It aggregates results from multiple OSINT sources and supported external tools, normalizes data, removes duplicates, performs wildcard detection, filters obvious false positives, and exports clean results.
Domain
│
▼
Internal Sources
+
External Tools
▼
Merge Results
▼
Normalize
▼
Deduplicate
▼
Wildcard Detection
▼
False Positive Filtering
▼
Export Results
| Feature | Description |
|---|---|
| 🌐 Multi-Source Discovery | Collects subdomains from multiple passive OSINT sources |
| ⚡ Concurrent Collection | Parallel collection from all available sources |
| 🔄 Deduplication | Automatic duplicate removal |
| 🧹 Hostname Normalization | Cleans malformed entries |
| 🔬 Wildcard Detection | Multi-probe wildcard DNS detection |
| 🛡️ False Positive Filtering | Filters clearly invalid entries |
| 📊 Live Dashboard | Progress bars and live counters |
| 🔌 External Tool Support | Subfinder, Amass, Assetfinder, Sublist3r |
- crt.sh
- HackerTarget
- AlienVault OTX
- URLScan
- RapidDNS
- Subfinder
- Amass
- Assetfinder
- Sublist3r
git clone https://github.com/EnCrYpTeD05/SubRecon.git
cd SubRecon
chmod +x install.sh
./install.sh- Python 3.10+
- rich
- dnspython
python3 subrecon.py example.compython3 subrecon.py example.com --timeout 15python3 subrecon.py example.com --filter-workers 200python3 subrecon.py example.com --no-external-tools| File | Description |
|---|---|
| subdomains.txt | Discovered subdomains |
| false_positive.txt | Filtered entries with reasons |
This project is intended for authorized security testing, research, and educational purposes only.
Always obtain proper authorization before conducting reconnaissance activities.
The author is not responsible for misuse of this software.
EnCrYpTeD05
GitHub: https://github.com/EnCrYpTeD05
Website: https://encrypted05.github.io/
⭐ If SubRecon helped you, consider starring the repository.