Vinay Khatri
Last updated on August 1, 2024
This tutorial details how to make a subdomain scanner in Python. Popular tech giants such as Google, Mozilla, Apple, and Meta not only have their official websites with various domain names but also support many subdomains for their various products and services.
For example, facebook.com has a subdomain https://developers.facebook.com/ that provides a platform for developers across the globe to communicate and contribute to Meta.
Similarly, the social media giant has many subdomains for all the services and products it offers.
In this Python tutorial, we will learn how to list out all the subdomains offered by a domain in Python. However, before we discuss the Python program, let's discuss the libraries and other dependencies we will be using for this tutorial.
Required Libraries and Files
1) Python requests Library
In this tutorial, we will be using the de-facto Python library for HTTP requests, i.e., the requests library, to handle HTTP requests. Using requests, we will send a GET request to each prospective subdomain URL and check whether the subdomain exists for the domain.
To install the requests library for your Python environment, run the following pip install command on your terminal or command prompt:
pip install requests
2) Python colorama Library (Optional)
colorama is an open-source Python library that is used to produce colorful terminal text. In this tutorial, we will be using this library to print the output text in a colored format. You can install the colorama library for your Python environment using the following pip install command:
pip install colorama
3) subdomains.txt File
To find out all the subdomains of a domain, we will use a brute-force technique: we will send a GET request to every candidate subdomain URL and, based on a success response, print the available subdomains. You can copy the list of possible subdomain names from our GitHub repository and save it locally as subdomains.txt.
We would recommend you save the subdomains.txt file in the same directory where your Python script is located.
Now, it's time to open your best Python IDE or text editor and start coding.
How to Make a Subdomain Scanner in Python?
We will start with importing the required modules.
import requests
from colorama import Fore

# for Windows
from colorama import init
init()
If you are on a Windows system, you need to initialize colorama by calling the init() method. It will not have any effect on macOS and Linux. Now, let's define an identifier domain that represents the domain name for which we want to find all the subdomains.
# the domain to scan for subdomains
domain = "facebook.com"
In this tutorial, we are finding all the subdomains offered by facebook.com. Next, we will open the subdomains.txt file in read ("r") mode, read the subdomains line by line, build each subdomain URL from the subdomain and the domain, and send a GET request to that URL.
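filename = "subdomains.txt"

with open(filename, "r") as file:
    for subdomain in file.readlines():
        # define subdomain url
        subdomain_url = f"https://{subdomain.strip()}.{domain}"
        try:
            # timeout so an unresponsive host cannot stall the scan
            response = requests.get(subdomain_url, timeout=5)
            # 200 success code
            if response.status_code == 200:
                print(Fore.GREEN + f"Subdomain Found [+]: {subdomain_url}")
        except requests.RequestException:
            # the name did not resolve or the host did not answer; try the next one
            pass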
- The readlines() function reads the file's lines into a list, which the loop goes through one by one.
- strip() will remove the unnecessary spaces and the newline from the subdomain string.
- The get() function will send the GET request to the specified URL.
- status_code returns an integer value for the response status.
Finally, put all the code together and execute.
Python Program to Find Subdomains
import requests
from colorama import Fore

# initialize colorama for Windows
from colorama import init
init()

# the domain to scan for subdomains
domain = "facebook.com"

# https://github.com/KHATRIVINAY1/data/blob/main/subdomains.txt
filename = "subdomains.txt"

with open(filename, "r") as file:
    for subdomain in file.readlines():
        # define subdomain url
        subdomain_url = f"https://{subdomain.strip()}.{domain}"
        try:
            # timeout so an unresponsive host cannot stall the scan
            response = requests.get(subdomain_url, timeout=5)
            # 200 success code
            if response.status_code == 200:
                print(Fore.GREEN + f"Subdomain Found [+]: {subdomain_url}")
        except requests.RequestException:
            # the name did not resolve or the host did not answer; try the next one
            pass
Conclusion
In this Python tutorial, we learned how to make a subdomain scanner in Python. When you execute the above program, it might take a few minutes to print out all the subdomains offered by Facebook.com.
If you want your program to run faster, you can use multithreading in Python.
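The threaded variant suggested above, as an added example that is not part of the original tutorial: it checks DNS resolution instead of an HTTP 200, so hosts without a web server still show up when you inventory a zone you administer, and it filters wildcard DNS answers that would otherwise mark every wordlist entry as found. The function names, the example.com sample zone and its documentation-range addresses are constructed for illustration.

```python
import secrets
import socket
from concurrent.futures import ThreadPoolExecutor


def system_resolve(host):
    """Return the set of IPs the system resolver gives for host (empty if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()


def wildcard_addresses(domain, resolve, probes=3):
    """Resolve random labels; any answer means the zone has a wildcard record."""
    addresses = set()
    for _ in range(probes):
        addresses |= resolve(f"{secrets.token_hex(8)}.{domain}")
    return addresses


def scan(domain, labels, resolve=system_resolve, workers=20):
    """Map each resolving subdomain to its IPs, skipping wildcard-only answers."""
    wildcard = wildcard_addresses(domain, resolve)
    hosts = [f"{label.strip()}.{domain}" for label in labels if label.strip()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = list(pool.map(resolve, hosts))  # same order as hosts
    # Report a host only if it has an address the wildcard does not explain.
    return {h: sorted(ips) for h, ips in zip(hosts, answers) if ips - wildcard}


# Constructed sample zone (not real data): "*.example.com" answers 203.0.113.10,
# while "www" and "mail" have their own records.
SAMPLE_ZONE = {
    "www.example.com": {"198.51.100.5"},
    "mail.example.com": {"198.51.100.25"},
}


def sample_resolve(host):
    """Offline stand-in for DNS: explicit records first, wildcard otherwise."""
    return SAMPLE_ZONE.get(host, {"203.0.113.10"})


if __name__ == "__main__":
    words = ["www\n", "mail\n", "\n", "dev\n", "shop\n"]  # as read from subdomains.txt
    for host, ips in scan("example.com", words, resolve=sample_resolve).items():
        print(host, ips)
```

With the default resolver, call scan(domain, open("subdomains.txt")) to use the same wordlist file as the tutorial.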