How to Make a Subdomain Scanner in Python?

This tutorial details how to make a subdomain scanner in Python. Popular tech giants such as Google, Mozilla, Apple, and Meta not only have their official websites with various domain names but also support many subdomains for their various products and services.

For example, facebook.com has a subdomain https://developers.facebook.com/ that provides a platform for developers across the globe to communicate and contribute to Meta.

Similarly, the social media giant has many subdomains for all the services and products it offers.

In this Python tutorial, we will learn how to list out all the subdomains offered by a domain in Python . However, before we discuss the Python program, let's discuss the libraries and other dependencies we will be using for this tutorial.

Required Libraries and Files

1) Python requests Library

In this tutorial, we will be using the de-facto Python library for HTTP requests, i.e., the requests library to handle HTTP requests. Using requests, we will send the get request to the prospect subdomain URLs and check if the subdomain for the domain exists or not.

To install the requests library for your Python environment, run the following pip install command on your terminal or command prompt:

pip install requests

2) Python colorama Library (Optional)

colorama is an open-source Python library that is used to produce colorful terminal text. In this tutorial, we will be using this library to print the output text in a colored format. You can install the colorama library for your Python environment using the following pip install command:

pip install colorama

3) subdomains.txt File

To find out all the subdomains of a domain, we will use brute force techniques, in which we will send the GET request to all the combinations of subdomain URLs, and based on the success response, we will print the available subdomains. You can copy and paste the suffix for all possible subdomain from our GitHub repository and save it locally as subdomains.txt .

We would recommend you save the subdomains.txt file in the same directory where your Python script is located.

Now, it's time to open your best Python IDE or text editor and start coding.

How to Make a Subdomain Scanner in Python?

We will start with importing the required modules.

import requests
from colorama import Fore

#for windows
from colorama import init
init()

If you are on a Windows system, you need to initialize colorama by calling the init() method. It will not have any effect on macOS and Linux. Now, let's define an identifier url that represents the domain name for which we want to find all the subdomains.

# the domain to scan for subdomains
domain = "facebook.com"

In this tutorial, we are finding all the subdomains offered by facebook.com. Next, we will open the subdomains.txt file in the read "r" mode, read the subdomains line by line, create the subdomain URL with the help of subdomain and domain, and send GET request to the subdomain URL.

with open(filename, "r") as file:
    for subdomain in file.readlines():
        # define subdomain url
        subdomain_url = f"https://{subdomain.strip()}.{domain}"
        try:
            response = requests.get(subdomain_url)
            
            #200 success code
            if response.status_code==200:
                print(Fore.GREEN +f"Subdomain Found [+]: {subdomain_url}")
        except:
            pass

• The readlines() function will read the file line by line.
• strip() will remove the unnecessary space and new line from the subdomain string.
• The get() function will send the GET request to the specified URL.
• status_code returns an integer value for the response status.

Finally, put all the code together and execute.

Python Program to Find Subdomains

import requests
from colorama import Fore

#initialize colorama for windows
from colorama import init
init()

# the domain to scan for subdomains
domain = "facebook.com"

#https://github.com/KHATRIVINAY1/data/blob/main/subdomains.txt
filename="subdomains.txt"

with open(filename, "r") as file:
    for subdomain in file.readlines():
        # define subdomain url
        subdomain_url = f"https://{subdomain.strip()}.{domain}"
        try:
            response = requests.get(subdomain_url)
            
            #200 success code
            if response.status_code==200:
                print(Fore.GREEN +f"Subdomain Found [+]: {subdomain_url}")
        except:
            pass  

Output

Conclusion

In this Python tutorial, we learned how to make a subdomain scanner in Python. When you execute the above program, it might take a few minutes to print out all the subdomains offered by Facebook.com.

If you want your program to run faster, you can use multithreading in Python .

People are also reading:

• Best Python GUI Frameworks
• Parse Data From JSON Into Python
• Delete a File in Python
• Update All Python Packages
• How to loop with indexes in Python?
• Python list vs. Tuple
• Best Python Data Visualization Libraries
• Python Modulo in Practice
• Python Data Visualization