21/02/2026
đ Advanced Subdomain Hunter â Automated Recon Framework
I built a Bash automation tool for passive subdomain enumeration to reconnaissance during pe*******on testing and bug bounty program.
đ Overview
This tool automates multiple industry-standard OSINT enumeration utilities and consolidates their output into a single, clean, deduplicated result set.
attached tools:
đđģ Subfinder
đđģ OWASP Amass
đđģ Sublist3r
â
Passive Enumeration
Each tool runs in passive mode to avoid active probing:
Subfinder â Collects subdomains from multiple OSINT sources
Amass (Passive) â Gathers data from public intelligence datasets
Sublist3r â Extracts subdomains via search engine enumeration
This ensures safe reconnaissance aligned with responsible disclosure practices.
â
Reporting
The script automatically:
Counts total unique subdomains
Displays a clean summary
Provides the final output path
đ¯ Key Features
â Multi-tool automation
â Passive reconnaissance only
â Regex-based validation
â Duplicate removal
â Structured output management
â Timestamp-based versioning
