PySubEnum is an advanced, modular Subdomain Enumeration & Vulnerability Scanner designed for Red Teams and Bug Bounty hunters.
Unlike standard enumeration tools, PySubEnum goes beyond listing domains; it performs CNAME analysis to detect potential Subdomain Takeover vulnerabilities and offers a multi-threaded architecture for high-speed reconnaissance.
- π΅οΈββοΈ Multi-Source Passive Recon: Aggregates data from Crt.sh and HackerTarget without touching the target directly.
- π¨ Subdomain Takeover Detection: Automatically analyzes CNAME records to identify vulnerable pointers (e.g., pointing to abandoned Heroku, AWS S3, GitHub Pages, etc.).
- π Advanced DNS Resolution: Uses
dnspythonfor accurate A and CNAME record retrieval. - β Port Scanning: Multi-threaded check for critical open ports (
80,443,22,3306, etc.) on discovered assets. - π¨ Visual & Modular: Color-coded terminal output for easy reading and a clean, maintainable codebase structure.
- π Smart Reporting: Exports clean results to a file for further processing.
# Clone the repository
git clone https://github.com/bellamy58/PySubEnum.git
# Navigate to the directory
cd PySubEnum
# Install dependencies
pip install -r requirements.txt