Subdomain Finder

How to Use the Subdomain Finder

1. Enter Domain: Type a domain name (e.g., example.com) in the Domain Name input field.
2. Click Find Subdomains: Press the "Find Subdomains" button to start the scan.
3. Wait for Results: The tool will query for subdomains and display a loading indicator.
4. Review Discovered Subdomains: View the list of found subdomains with their associated DNS records.
5. Analyze Results: Use the subdomain and IP information for security auditing or reconnaissance.

Technical Overview & Use Cases

The Subdomain Finder queries known subdomain databases and DNS records to enumerate subdomains associated with a target domain. It leverages a dedicated API endpoint that performs passive reconnaissance by checking certificate transparency logs, DNS brute-forcing with common wordlists, and aggregating results from multiple OSINT sources. Results include both the subdomain name and resolved IP addresses or CNAME records, giving you a comprehensive view of a domain's attack surface. This tool is essential for security professionals conducting authorized penetration testing and organizations auditing their own infrastructure for forgotten or exposed services.

Real-world use cases:

• Security Auditing: Discover forgotten subdomains that may have vulnerabilities or expose sensitive data.
• Bug Bounty Hunting: Enumerate target scope subdomains to find potential attack vectors for authorized testing.
• Infrastructure Mapping: Get a complete picture of your organization's web-facing assets and services.

Privacy & Security Guarantee

This tool is part of the FAK LAB ecosystem, founded by Faizan Ahmad Khan Khichi. The subdomain lookup uses a secure API to query public DNS and certificate transparency data. Your search queries are not logged or stored permanently. The interface runs 100% client-side. No data is ever stored or shared.

Frequently Asked Questions

Is this tool legal to use?

Yes. Subdomain enumeration uses publicly available DNS records and certificate transparency logs. However, always ensure you have authorization before testing domains you do not own.

How many subdomains can it find?

Results depend on the target domain. Large organizations may have hundreds of subdomains while smaller sites may only have a few.

Why are some subdomains not showing IP addresses?

Some subdomains may use CNAME records pointing to other domains, or their DNS records may not resolve at the time of the query.