How to Find Subdomains in Kali Linux ?

In this article, we are telling you how to find subdomains such as How to Find subdomains as well as what steps do hackers follow before finding hackers subdomain takeover vulnerability.

Here we are also telling you about some tools which are used a lot in bug bounty hunting, you can use them if you want, these tools can be very useful for you if you use them properly.

Here we are giving you complete information about finding subdomains like why hackers do find subdomains, all this is being told to you for educational purpose, you should never misuse it.

Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.

What is Subdomains ?

Before going about subdomains How to find subdomains and you need to know what are subdomains as well as know why hackers make more attacks on subdomains, let’s know about this.

As you have been told in an earlier article, what are subdomains, here we are telling you why hackers mostly try hacking attacks on subdomains such as I domain is

In this case, subdomain takeover vulnerbility is not found in the main domain of almost all websites, so hackers find subdomains and try to bounty such attacks on them.

This is because one always keeps the main domain of their website secure but most companies do not pay so much attention to subdomains. There are some hidden subdomains that can be found.

In this case, if hackers make any kind of attacks on subdomains, if they become success, then they get a bug bounty reward. Here is one thing you would like to tell, if you get a subdomain takeover vulnerability , then you get a good bug bounty.

Also Read

Website vulnerability Scanner

Exploitation tools in Kali Linux

All in one hacking tools for hackers

How to Find Subdomains ?

Let us now know practically how to find subdomains. Here we are telling you about three tools practically. All these tools are used a lot to find subdomains. All these tools give you


First of all, you are being told about the subfinder, just as you were told about the sublister earlier, similarly the subfinder tool is also used, first of all you have to install this tool in this way.

git clone

How to Find Subdomains

After the tool is installed, you can use it to find subdomains as you can see in the help. Here you have been told everything how you can use this tool to find subdomains.

As you can see in the image, you have to run this simple command in this way, this tool works very fastly, in such a way you must do this with some tool, find hackers subdomain in this way and save them in a file.

How to Find Subdomains

In the same way, you can also use other commands, you can save the output of files of subdomains from this, you get all kinds of information as soon as you run the help command.


You can also use aquatone tool, you will like this tool very much, this tool also helps you in finding subdomains, as well as finding takeover vulnerability and also helps in taking screenshot of subdomains. You can install this tool.

After installing, first of all you have to find subdomains here if you use a scan or takeover vulnerability command directly, you get an error because this tool is used step by step only.

How to Find Subdomains

After finding subdomains like this, you can scan open ports as you can see in the image, here this file is automatically saved and scanning is done with the same file like scanning and takeover vulnerability .

By giving this command in some way, you can find subdomains takeover vulnerbilty in such a way that all your work is done with the help of single tool, similarly this tool also takes screenshots of subdomains for you.

How to Find Subdomains

But for this to work, you have to manually install the subdomain from github and use it, it will be told in an article ahead of you, in this way hackers find subdomains and attack them.


In the same way you can find subdomains by using tugarecon tool, you get many such tools like sudomy, if you want, you can also use sudomy tool, first of all you have to install tugarecon tool.

git clone

After installing the tool, you can install it and use it, how it is done, you have been told in almost all the articles, in this way you can check the help of this tool.

As you can see in the image, in this way you can find subdomains by using this command, this tool also does the work of port scanning for you, you can see in the help how this tool was used.

How to Find Subdomains

You get many types of tools that hackers use to find subdomains. You can easily find tools to scan all kinds of vulnerability but these tools scan for you.

How to Find Subdomains

But if you have to take bounty reward, in this way you have to manually exploit the vulnerability and send a report to the company with the Proof of concept, how all this is done, you will be told soon.

The Conclusion

I hope Now you Know about how to find subdomains as well as you would have also come to know if you can find subdomain takeover vulnerability in a website for hackers, so what can they do?

In this kind of website hacking there are vulnerabilities who find bug bounty reward by finding hackers, you have told us about many types of vulnerabilities earlier, you can also read our article.

Such as Sql injection, CSRF Attack, Cross site scripting (xss attack), Buffer overflow attack, you have been told about it all, if you want to learn bug bounty, then you should have a lot of knowledge related to website hacking.

If you have any kind of question about how to find subdomains or about any kind of hacking, in such a way, you can ask us in a comment, your full help will be done from our side.

If you like this article of ours, in this way, you must share this article, you have been given all kinds of knowledge related to facebook hacking here, bank account hacking, you can read any article by clicking on sitemap.

Sharing is Caring

Subscribe to our blog for latest updates


Be the first to comment

Leave a Reply

Your email address will not be published.