SubFors

SubFors is a fast, modular subdomain discovery tool that combines multiple enumeration techniques to uncover hidden attack surfaces. Now with API integrations for enhanced reconnaissance.

Features

• Multi-engine enumeration (12 discovery methods)
• API integrations (VirusTotal, DNSDumpster, GitHub)
• Certificate Transparency monitoring
• Brute-force with custom wordlists
• Web Archives analysis
• JavaScript file scanning
• GitHub subdomain extraction
• Smart rate-limiting to avoid detection
• Multiple output formats (TXT/JSON/XML)
• Bulk domain processing

Installation

From Source

git clone https://github.com/saad-ayady/SubFors
cd SubFors
go build -o subfors main.go
sudo mv subfors /usr/local/bin/

Using Go

go install github.com/saad-ayady/SubFors/cmd/subfors@latest

Usage

Basic Scan

subfors -d example.com

Advanced Scan with APIs

subfors -d example.com \
  -vt YOUR_VIRUSTOTAL_API_KEY \
  -dn YOUR_DNSDUMPSTER_API_KEY \
  -gt YOUR_GITHUB_TOKEN \
  -oJ results.json


subfors -dL Scope.txt \
  -w custom_wordlist.txt \
  -vt YOUR_VIRUSTOTAL_API_KEY \
  -dn YOUR_DNSDUMPSTER_API_KEY \
  -gt YOUR_GITHUB_TOKEN \
  -oJ results.json

subfors -dL Scope.txt \
  -w custom_wordlist.txt \
  -oJ results.json

Bulk Scanning

subfors -dL domains.txt -w custom_wordlist.txt -oX results.xml

Full Options

Flag	Description	Example
-d	Target domain	-d example.com
-dL	File containing domains	-dL domains.txt
-vt	VirusTotal API key	-vt abc123def456
-dn	DNSDumpster API key	-dn xyz789uvw012
-gt	GitHub Personal Access Token	-gt ghp_abcd1234xyz
-w	Custom wordlist path	-w wordlist.txt
-o	Text output file	-o results.txt
-oJ	JSON output file	-oJ results.json
-oX	XML output file	-oX results.xml
-t	Threads (default: 10)	-t 20
-timeout	Timeout in seconds (default: 30)	-timeout 60

API Modules Guide :

VirusTotal Integration

1. Get your API key from VirusTotal
2. Use with -vt flag:

subfors -d target.com -vt YOUR_API_KEY

. Queries VirusTotal's subdomains database
. Handles pagination automatically
. Rate-limited to comply with API restrictions

DNSDumpster Integration

1. Get your API key from DNSDumpster
2. Use with -dn flag:

subfors -d target.com -dn YOUR_API_KEY

. Retrieves DNS records including historical data
. Processes A records for subdomains

GitHub Integration

1. Get your API key from GitHub Personal Access Token
2. Use with -gt flag:

subfors -d target.com -gt YOUR_GITHUB_TOKEN

. Searches public code and repositories for subdomains
. Extracts leaked endpoints and configs containing domains
. Avoids GitHub rate-limits using your token

Output Example

[•] Starting SubFors v0.2 scan for example.com
[✓] VirusTotal API connected (Quota: 498/500)
[✓] GitHub token authenticated
[•] Running 12 discovery modules...

[+] admin.example.com       (Certificate Transparency)
[+] api.dev.example.com     (VirusTotal)
[+] devops.example.com      (GitHub)
[+] legacy.example.com      (DNSDumpster)
[+] beta.example.com        (Web Archives)

[✓] Scan completed in 2m18s
[✓] Found 612 unique subdomains
[✓] JSON results saved to: results.json

Comparison

Feature	SubFors	SubFinder	AssetFinder
API Integrations	✅ (VT+DNS)	❌	❌
Multi-engine	✅ (11)	✅ (8)	❌
CT Logs	✅	✅	✅
Web Archives	✅	❌	❌
JS Analysis	✅	❌	❌
GitHub Leaks	✅	❌	❌
Rate Limiting	✅	❌	❌
Bulk Processing	✅	✅	❌

Contribution

1. Fork the repository

2. Create your feature branch

3. Commit your changes

4. Push to the branch

5. Open a pull request

Developed by 0xS22d - Happy Hunting! 🎯🚀