Boost Subdomain Discovery with Subfinder and API Integrations

Subfinder is a popular open-source tool created by Project Discovery which is designed for discovering and enumerating subdomains.

Link : https://github.com/projectdiscovery/subfinder

We can enhance the power of the the subfinder by integrating search engines of shodan,censys and securitytrials.

Censys Search : Censys Search is a tool that uses internet visibility datasets to help security teams research, monitor, and defend their systems.

Fetching API details from https://search.censys.io/accounts/api

Shodan : Shodan is a search engine that scans the internet for devices and services that are connected to it.

Fetching Shodan API key in the Account Overview : https://account.shodan.io/

SecurityTrials : SecurityTrails enables you to explore complete current and historical data for any internet assets

Fetching securitytrials API Key : https://securitytrails.com/app/account/credentials

We need to find where are the configuration files of subfinder located

We can see there are two configuration files of subfinder

config.yaml
provider-config.yaml

Edit the provider-config.yaml using nano, vim or vi editor and enter the keys in the respective yaml files as follows:

vi provider-config.yaml

bevigil: []
binaryedge: []
bufferover: []
builtwith: []
c99: []
censys: [API ID:Secret]
certspotter: []
chaos: []
chinaz: []
dnsdb: []
dnsrepo: []
facebook: []
fofa: []
fullhunt: []
github: []
hunter: []
intelx: []
leakix: []
netlas: []
passivetotal: []
quake: []
redhuntlabs: []
robtex: []
securitytrails: [APIKey]
shodan: [API Key]
threatbook: []
virustotal: []
whoisxmlapi: []
zoomeyeapi: []

Run the subfinder using command

subfinder -d example.com

You can add more API Keys and secrets to enhance your enumeration of subdomains via subfinder.