loading
loading
Recon
Get subdomains from jldc.me.
overview
jldc-subdomains asks the jldc.me API, the public Anubis subdomain database, for every name recorded under a domain. The request goes to a third-party dataset rather than the target, so it widens an enumeration without sending a packet to the organization you are mapping.
No two passive datasets hold the same names, which is why recon pipelines stack several and deduplicate the union. jldc-subdomains is one such feed. Run it beside crtsh, hackertarget, and other single-source finders, then resolve the merged list before you probe.
The node takes one input, a domain, and writes a file and a folder of subdomains. Reach for it when you want an extra passive source in a subdomain sweep, or a quick standalone lookup when you only need what jldc.me has on record for a domain.
source github.com/trickest
use cases
Query jldc.me for a domain and merge the results with other passive finders so the combined subdomain set covers more of the footprint.
Pull subdomains from a third-party dataset so the discovery step stays quiet and sends no traffic to the organization being mapped.
Hand the discovered names to a DNS resolver and httpx so the workflow continues only against subdomains that resolve and respond.
Run jldc-subdomains on a schedule and compare runs to flag names that appear in the dataset as the footprint changes.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| domain | STRING | · | Domain to get results from the jldc.me API. |
Showing key inputs. jldc-subdomains exposes 1 inputs in total.
example
# query jldc.me Anubis for a domain's subdomainsjldc-subdomains example.comapi.example.comapp.example.comcdn.example.comdev.example.commail.example.comstaging.example.comvpn.example.comwww.example.comguidance
Use jldc-subdomains as one passive feed in a broader subdomain enumeration, merged with other sources for coverage. It finds names from a dataset, it does not resolve or test them, so follow it with a resolver and httpx. For a multi-source passive sweep in one tool, subfinder is the aggregate sibling.
Aggregates many passive sources at once. jldc-subdomains is a single dedicated feed you can stack alongside it.
Pulls names from certificate transparency logs. Another single-source passive feed to merge in.
Lightweight passive finder across a few sources. Combine its output with jldc for wider coverage.
faq
related
Asynchronous DNS brute-force tool for fast subdomain enumeration.
OWASP Amass: network mapping and external asset discovery.
OWASP Amass intel: find an organization's root domains and ranges.
OWASP Amass enumeration that produces structured JSON output.
Find related domains and subdomains via shared Google Analytics IDs.
Find domains and subdomains potentially related to a given domain.
A domain feeds jldc-subdomains, which pulls subdomains from jldc.me and passes them to httpx so only live names land as output.
Facts on this page come from the live Trickest tool library.