Sudomy Subdomain analysis

Sudomy is a tool for collecting subdomains and domain analysis with automated recognition. This tool can also be used for OSINT activities.


Active Method

Sudomy uses Gobuster tools due to its high speed in executing DNS Subdomain Bruteforce attack (wildcard support). The word list used comes from SecList Combined Lists (Discover / DNS) containing about 3 million entries

Passive Method

Looks for information through top third-party applications to show you the best results. The information pages are as follows:

Recon Worfklow

Detail information


- subdomain.txt - Subdomain list <$ DOMAIN (Target)
- httprobe_subdomain.txt - Validate Subdomain <subdomain.txt
- webanalyzes.txt - Identify technology scan <httprobe_subdomain.txt
- httpx_status_title.txt - title + statuscode + lenght <httprobe_subdomain.txt
- dnsprobe_subdomain.txt - Subdomain resolv <subdomain.txt
- Subdomain_Resolver.txt - Subdomain resolv (alt) <subdomain.txt
- cf-ipresolv.txt - Cloudflare scan <ip_resolver.txt
- Live_hosts_pingsweep.txt - Live Host check <ip_resolver.txt
- ip_resolver.txt - IP resolv list <Subdomain_Resolver :: dnsprobe
- ip_dbasn.txt - ASN Number Check <ip_resolver.txt
- vHost_subdomain.txt - Virtual Host (Group by ip) <Subdomain_Resolver.txt
- nmap_top_ports.txt - Active port scanning <cf-ipresolv.txt
- ip_dbport.txt - Passive port scanning <cf-ipresolv.txt

  NASA offers 3D moons for graphic creations

- Passive_Collect_URL_Full.txt - Full All Url Crawl (WebArchive, CommonCrawl, UrlScanIO)

- ./screenshots/report-0.html - Screenshoting report <httprobe_subdomain.txt
- ./screenshots/gowitness.db - Database screenshot <httprobe_subdomain.txt

User guides


$ pip install -r requirements.txt
git clone –recursive


Sud⍥my - Fast Subdmain Enumeration and Analyzer

Usage: sud⍥ [-h [–help]] [-s [–source]] [- d [–domain =]]

Example: sud⍥ -d
sud⍥ -s Shodan, VirusTotal -d
sud⍥ -pS -rS -sC -nT -sS -d

Optional Arguments:
-a, –all Running all Enumeration, no nmap & gobuster
-b, –bruteforce Bruteforce Subdomain Using Gobuster (Wordlist: ALL Top SecList DNS)
-d, –domain domain of the website to scan
-h, –help show this help message
-o, –outfile specify an output file when completed
-s, –source Use source for Enumerate Subdomain
-aI, –apps-identifier Identify technologies on website (ex: -aI webanalyze)
-dP, –db-port Collecting port from 3rd Party default = shodan
-eP, –extract-params Collecting URL Parameter from Engine
-tO, –takeover Subdomain TakeOver Vulnerabilty Scanner
-wS, –websocket WebSocket Connection Check
-cF, –cloudfare Check an IP is Owned by Cloudflare
-pS, –ping-sweep Check live host using methode Ping Sweep
-rS, –resolver Convert domain lists to resolved IP lists without duplicates
-sC, –status-code Get status codes, response from domain list
-nT, –nmap-top Port scanning with top-ports using nmap from domain list
-sS, –screenshot Screenshots a list of website (default: gowitness)
-nP, –no-passive Do not perform passive subdomain enumeration
-gW, –gwordlist Generate wordlist based on collecting url resources (Passive)
–Httpx Perform httpx multiple probers using retryablehttp
–Dnsprobe Perform multiple dns queries (dnsprobe)
–No-probe Do not perform httprobe
–Html Make report output into HTML

  Tweets on Google's results pages

Application snapshots

Video guide


You can download the application from here.

Registration in via email

Your email for sending each new post

Follow us on Google News at Google news

Leave a reply

Your email address Will not be published.

2 + 6 =  

Previous Story

Facebook donates 1 XNUMX million to Bletchley Park

Next Story

Krita 4.4.0 Open Source image editing application