Sign Up

Full Subdomain Enumeration

This workflow can help an organization identify all the subdomains within their domain and prioritize vulnerabilities within their environment, allowing them to focus their efforts on securing the most critical areas first.

This workflow uses different passive and active techniques to gather subdomains for a specified list of root domains.

Complexity: advanced

Category: Attack Surface Management


Full Subdomain Enumeration workflow in workflow editor

Full Subdomain Enumeration



You can set up this workflow by changing following input values:

  • LIST OF DOMAINS - provide a file containing domains list, as a target
  • SECURITY TRAILS API KEY - optionally provide a SecurityTrails API key
Workflow Targets Setup in workflow editor

Workflow Targets Setup

Build in steps

Visit our blog for a more thorough explanation of how to build this workflow:

Execution and results

After setup workflow is ready to be executed. Once workflow's last node, all subs script, is finished result can be viewed and downloaded.\

all subs script will contain all of the resolved subdomains.

Full Subdomain Enumeration workflow results

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Improve this workflow