Subbrute Tool to Identifies sub domains by bruteforcing


About the SubBrute Tool

  • SubBrute is an open source subdomain enumeration tool.

  • It is community maintained and aims to be the fastest and most accurate domain finding tool.

  • It makes use of open DNS resolvers to bypass rate-limiting restrictions.

  • It doesn't come preinstalled with Kali Linux and must be downloaded from

  • Italso provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.

  • Better stablity. Better support for testing cloudflare domains.

  • Basically Sub brute is being used by pentesters for over 3 years and has not lost its place because the tools uses multi-threading using python engine.

  • This tool also contains a large list of real sub-domain that you will find in the wild.

  • Basically we were fed up with Fierce / fierce2, and every other tool we used so we found something way faster in python. This tool will not only brute force sub domains.

  • It will also gather information about them as well. By default this tool does subdomain enumeration about 8 times faster than Fierce, and can chew through 31k lookups in about 5 minutes on a normal connection.

Lock image

what's new in recent version

  • The great news in this version is that SubBrute is now a recursive DNS-spider, and also a library, more on this later.

  • SubBrute should be easy to use, so the interface should be intuitive (like nmap!),

  • In this version we are opening up SubBrute's fast DNS resolution pipeline for any DNS record type.

  • Additionally, SubBrute now has a feature to detect subdomains were their resolution is intentionally blocked, which sometimes happens when a subdomain is intended for for use on an internal network.

SubBrute is now a DNS spider that recursively crawls enumerated DNS records.

This feature boosted * from 123 to 162 subdomains. (Always enabled)

    --type enumerate an arbitrary record type (AAAA, CNAME, SOA, TXT, MX...)

    -s can now read subdomains from result files.

New useage - The subdomains enumerated from previous scans can now be used as input to enumerate other DNS records.

Easy to use: 


Tests multiple domains:



a newline delimited list of domains: 

./ -t list.txt