Information Gatheringsubdomainsdomainsreconnaissancepassivedns

assetfinder

assetfinder is a command-line tool designed to find domains and subdomains associated with a specific domain. It uses multiple data sources to expand coverage and increase result accuracy.

Description

assetfinder helps security researchers and IT professionals discover and understand how the domains and sub-domains of a given organization are distributed. The tool aims to identify possible security flaws and vulnerabilities by revealing associated domains and subdomains.

It leverages various public data sources including crt.sh, certspotter, hackertarget, threatcrowd, Wayback Machine, dns.bufferover.run, Facebook Graph API, Virustotal, and findsubdomains. This multi-source approach provides comprehensive coverage for reconnaissance tasks.

Use cases include initial reconnaissance phases of penetration testing, mapping attack surfaces, and asset discovery for vulnerability assessments.

How It Works

assetfinder queries multiple passive data sources such as crt.sh, certspotter, hackertarget, threatcrowd, Wayback Machine, dns.bufferover.run, Facebook Graph API, Virustotal, and findsubdomains to collect domains and subdomains linked to a target domain. It aggregates and processes results from these APIs and services to compile a list of associated assets without direct interaction with the target infrastructure.

Installation

bash
sudo apt install assetfinder

Flags

-subs-onlyOnly include subdomains of search domain

Examples

Finds all domains and subdomains associated with example.com using multiple data sources
assetfinder example.com
Finds only subdomains of example.com, excluding the root domain
assetfinder -subs-only example.com
Discovers domains and subdomains related to google.com from sources like crt.sh and certspotter
assetfinder google.com
Retrieves subdomains only for tesla.com to focus reconnaissance on subdomains
assetfinder -subs-only tesla.com
Aggregates subdomains and domains for facebook.com using all configured sources
assetfinder facebook.com
Limits output to subdomains of microsoft.com for targeted asset discovery
assetfinder -subs-only microsoft.com
Updated 2026-04-16kali.org ↗