SubHunter

SubHunter is a fast and concurrent tool to discover subdomains, detect open ports, and identify service providers. It also detects whether a domain is behind a CDN, helping security researchers and network engineers map the real infrastructure behind a target domain.

Features

• Subdomain Discovery: Collects subdomains from crt.sh certificate transparency logs
• Port Scanning: Detects open ports for non-CDN domains using concurrent scanning
• Service Detection: Identifies service provider and hosting information
• CDN Detection: Checks if domain is behind a Content Delivery Network
• High Performance: Concurrent scanning architecture for faster results
• Clean Output: Professional table-formatted results for easy analysis

Installation

Prerequisites

• Go version 1.19 or higher

Setup

1. Clone the repository:

git clone https://github.com/mohammadhasanii/SubHunter.git
cd SubHunter

2. Install dependencies:

go mod init subhunter
go mod tidy

Build

For Windows:

go build -o SubHunter.exe main.go

For Linux/macOS:

go build -o subhunter main.go

Usage

Basic Usage

# Windows
./SubHunter.exe

# Linux/macOS
./subhunter

Input Format

• Enter the main domain without http:// or https://
• Enter root domain only (no subdomains)

Examples:

• ✅ example.com
• ✅ google.com
• ❌ https://example.com
• ❌ www.example.com

Output Format

Results are displayed in a clean table containing:

• Subdomain: Discovered subdomain
• Provider: Hosting/cloud provider
• CDN Status: Whether domain is behind CDN
• Open Ports: List of detected open ports
• Response Time: Average response time