pdlist: passive subdomain finder
pdlist
pdlist is a passive subdomain finder written in Python. It collects information about a domain without ever sending a single packet to any of its hosts. Given a domain like “example.com”, it finds all hosts with a hostname of the form <something>.example.com, as well as URLs strictly related to example.com.
In order to collect information about subdomains the software queries different publicly available websites, which at the moment are:
- threatcrowd
- urlscan
- hackertarget
- dnsdumpster
- crt.sh
- certspotter
pdlist is very user-friendly and lightweight, since its only dependencies are the following Python modules:
- requests
- dnsdumpster
Install
git clone https://github.com/gnebbia/pdlist
cd pdlist
pip install -r requirements.txt
python setup.py install
Use
To passively list the subdomains of a domain, for example example.com, we can do:
pdlist example.com
We can also specify multiple domains, e.g.:
pdlist example1.com example2.com
We can save the output in a text file by doing:
pdlist example.com -o example-list.txt
Note that by default pdlist also outputs hostnames which may not be proper subdomains of the specified domains; this happens because those hostnames are still related to the specified domains.
If we want to only output proper subdomains we can enable the strict mode by doing:
pdlist example.com --strict
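What a strict filter has to get right when applied to a collected hostname list, shown as an added example that is not pdlist's own code. The function names and sample hostnames are constructed, and excluding the bare domain itself is an assumption about what "proper subdomain" means.

```python
# Added illustration; not pdlist's source. All function names are hypothetical.

def normalize(hostname):
    """Lowercase, drop a trailing dot and a leading wildcard label ("*.")."""
    host = hostname.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    return host


def is_proper_subdomain(hostname, domain):
    """True only if hostname is <something>.domain, matched on a label boundary."""
    host, dom = normalize(hostname), normalize(domain)
    # Comparing against "." + dom rejects look-alikes such as notexample.com.
    # Assumption: the bare domain itself is not counted as a subdomain.
    return host != dom and host.endswith("." + dom)


def strict_filter(hostnames, domains):
    """Return the sorted, de-duplicated hostnames that are proper subdomains."""
    kept = set()
    for raw in hostnames:
        host = normalize(raw)
        if any(is_proper_subdomain(host, d) for d in domains):
            kept.add(host)
    return sorted(kept)


# Constructed sample input, shaped like results gathered from passive sources.
SAMPLE = [
    "www.example.com",
    "*.dev.example.com",             # wildcard entry, as seen in certificates
    "MAIL.Example.com.",             # mixed case, fully qualified with trailing dot
    "example.com",                   # the domain itself
    "notexample.com",                # shares a string suffix, not a label boundary
    "example.com.cdn-provider.net",  # related hostname under another domain
    "www.example.com",               # duplicate
]

if __name__ == "__main__":
    for host in strict_filter(SAMPLE, ["example.com"]):
        print(host)
```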
Copyright © 2019, GNC
Source: https://github.com/gnebbia/