Automate Subdomain Discovery with Subfinder & Httpx – Simple Bash Script!

By /

Listen to this Post

Finding live subdomains is a critical step in reconnaissance for bug bounty hunting, penetration testing, and cybersecurity research. Automating this process saves time and improves efficiency. This article provides a simple yet powerful Bash script that combines Subfinder (for subdomain discovery) and Httpx (for filtering live subdomains).

Script Overview

The script performs the following:

1. Uses Subfinder to discover subdomains.

2. Filters live subdomains using Httpx.

  1. Saves results in a structured file for analysis.

Bash Script

Save the following as `find_live_subdomains.sh`:

#!/bin/bash

if [ -z "$1" ]; then 
echo "Usage: $0 <domain>" 
exit 1 
fi

DOMAIN=$1 
OUTPUT_FILE="live_subdomains_$DOMAIN.txt"

echo "[+] Running Subfinder for $DOMAIN..." 
subfinder -d $DOMAIN -silent -o subdomains_$DOMAIN.txt

echo "[+] Checking for live subdomains with Httpx..." 
cat subdomains_$DOMAIN.txt | httpx -silent -o $OUTPUT_FILE

echo "[+] Live subdomains saved to $OUTPUT_FILE"

### **How to Use?**

1. **Save the script**:

nano find_live_subdomains.sh

2. **Make it executable**:

chmod +x find_live_subdomains.sh

3. **Run it against a target domain**:

./find_live_subdomains.sh example.com

### **You Should Know:**

  • Subfinder Installation: 
    go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
  • Httpx Installation: 
    go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
  • Enhancements:
  • Integrate Amass for deeper subdomain enumeration: 
    amass enum -d $DOMAIN -o amass_$DOMAIN.txt
  • Use Nuclei for vulnerability scanning: 
    cat $OUTPUT_FILE | nuclei -t ~/nuclei-templates/

### **Expected Output:**

[+] Running Subfinder for example.com... 
[+] Checking for live subdomains with Httpx... 
[+] Live subdomains saved to live_subdomains_example.com.txt

### **What Undercode Say:**

Automating reconnaissance with Subfinder and Httpx significantly improves efficiency in cybersecurity workflows. This script is a starting point—extend it with Amass, Nuclei, or Waybackurls for comprehensive recon.

### **Expected Output:**

A structured list of live subdomains ready for further analysis.

**Relevant URLs:**

References:

Reported By: Mehedi Cybersec – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: