Fast, colorful & smart subdomain enumeration powered by asyncio
- β‘ Pure asynchronous β resolves thousands of names in parallel
- π§ Automatic concurrency β dynamically adjusts to rate limit
- π Colorful logs β real-time progress without spam
- ποΈ SQLite checkpoint β resumes if interrupted (
Ctrl-C) - π― Wildcard detection β filters false positives
- π Multiple sources β crt.sh, subfinder, huge wordlists (streaming)
- π Advanced HTTP probing β httpx integration + automatic titles
- π Multiple export β TXT, JSON and CSV in a single command
- π§ Adaptive rate limiting β adjusts to server performance
# 1. Clone the repo
git clone https://github.com/santitub/sbdr.git && cd sbdr
# 2. Virtual environment (recommended)
python3 -m venv venv && source venv/bin/activate
# 3. Install dependencies
pip install -r requirements.txt
# 4. (Optional) Install external tools
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest# Simple scan
python sbdr.py example.com
# Bruteforce + HTTP validation + automatic wordlist
python sbdr.py example.com --bruteforce --probe-http --wordlist-size medium
# Maximum speed (no rate limit)
python sbdr.py example.com --rate-limit 0 --bruteforce -o subs.txt,subs.json| Flag | Description |
|---|---|
--bruteforce |
Activates bruteforce with wordlist |
--probe-http |
Validates subdomains with httpx + HTTP probing |
--wordlist-size {small,medium,large} |
Automatic SecLists download |
--wordlist PATH |
Custom wordlist |
--exclude-wildcard |
Removes wildcard subdomains |
-r / --rate-limit |
Seconds between requests (0 = no limit) |
-o file1,file2 |
Multiple outputs in one command |
--verify-ssl |
Validates SSL certificates |
--dry-run |
Simulates without real requests |
--quiet |
Clean output for scripts |
--verbose |
Detailed logs for debugging |
# Only passive sources (certificates + subfinder)
python sbdr.py example.com --no-resolve-dns -o results.txt
# Complete scan with SSL validation
python sbdr.py lab.local --verify-ssl --rate-limit 0 \
--bruteforce --wordlist custom.txt
# Multiple output formats
python sbdr.py target.com -o subdomains.txt,subdomains.json,subdomains.csv
# Resume interrupted scan (automatic checkpoint)
python sbdr.py target.com --bruteforce
# (Run same command again β continues where it left off)18:42:10 [INF] π Checking wildcard DNS for target.com
18:42:11 [INF] β
No wildcard DNS detected.
18:42:12 [INF] π― Querying crt.sh for target.com
18:42:14 [INF] β
crt.sh finished: 137 subdomains processed
18:42:15 [INF] π Running subfinder for target.com
18:42:18 [INF] β
subfinder: found 42 subdomains
18:42:20 [INF] π₯ Starting bruteforce with wordlist-medium.txt (20000 words)
18:42:35 [INF] π Bruteforce progress: 15000/20000 [75%]
18:42:50 [INF] π Resolving DNS for 312 subdomains...
18:43:02 [INF] π‘οΈ Validating subdomains with httpx...
18:43:15 [INF] πΎ Results saved to subdomains.txt (245 records)
18:43:15 [INF] πΎ Results saved to subdomains.json (245 records)
- Daniel Miessler / SecLists for the wordlists
- ProjectDiscovery for subfinder and httpx
- crt.sh for their open certificate API
- aiodns for high-performance async DNS
Remember to use this tool only on domains you own or have permission to test! π