Subscan CLI Usage
🛠️ The Subscan CLI is a versatile tool that provides the following functionalities
- Start a scan to discover subdomains associated with a specific domain
- Perform a brute force attack on a domain using a specified wordlist
- Manage registered modules. See the module command details
✨ Here's a quick overview of how to use it
~$ subscan
_
| |
___ _ _| |__ ___ ___ __ _ _ __
/ __| | | | '_ \/ __|/ __/ _` | '_ \
\__ \ |_| | |_) \__ \ (_| (_| | | | |
|___/\__,_|_.__/|___/\___\__,_|_| |_|
Usage: subscan [OPTIONS] <COMMAND>
Commands:
scan Start scan on any domain address
brute Start brute force attack with a given wordlist
module Subcommand to manage implemented modules
help Print this message or the help of the given subcommand(s)
Options:
-v, --verbose... Increase logging verbosity
-q, --quiet... Decrease logging verbosity
-h, --help Print help (see more with '--help')
-V, --version Print version
Start Scan
To scan a domain using all available modules, use the following command:
~$ subscan scan -d example.com
You can also choose specific modules to run or skip using the --skips and --modules arguments. Module names should be provided as a comma-separated list1
~$ # skip the commoncrawl and google modules during the scan
~$ subscan scan -d example.com --skips=commoncrawl,google
~$ # run only the virustotal module
~$ subscan scan -d example.com --modules=virustotal
If a module is included in both the --skips and --modules arguments, it will be skipped and not executed
If the module you’re using requires authentication, you can provide the necessary credentials, such as an API key, through module-specific environment variables. For more details about environment variables, refer to the Environments chapter
SUBSCAN_VIRUSTOTAL_APIKEY=foo subscan scan -d example.com --modules=virustotal
Brute Force
Use the brute command to start a brute force attack with a specific wordlist
~$ subscan brute -d example.com --wordlist file.txt
To specify wordlist into docker container, see the Docker usage