Powered by

# subsnipe

A tool for sniping subdomains.

# Running subdomain enumeration for a domain 

sudo docker run -it --rm -v "$(pwd):/app/output" fw10/subsnipe -d domain.com

# Extracting list of sorted subdomains from subsnipe job 

grep -i "CNAME for" output.md | awk -F " " '{print $4}' | sort -f > sorted_domains.txt

# Run subsnipe against a text file of subdomains: 

sudo docker run -it --rm -v "$(pwd):/app/output" fw10/subsnipe -s subs.txt

Sometimes I've had to go to crt.sh directly and copy down a list of subdomains which might paste ugly like this:

meow.com


yermawm.meow.com

la.meow.com

listenup.meow.com

You can clean them up and de-dupe them and sort alphabetically by doing this:

awk NF subs.txt | sort -fu > temp && mv temp subs.txt