Introduction
Hey there, cybersecurity enthusiasts! Ever wondered how to up your game in subdomain enumeration? Well, we’ve got some exciting news. Subfinder, a tool you probably know and love, is now integrated with RedHunt’s Attack Surface Recon API. Yep, you heard that right, your favourite subdomain enumeration tool just got even better with more comprehensive results.
What is a Subfinder?
For those who might be new to this, Subfinder is a tool used for discovering subdomains related to a given domain. Subfinder integrates with a large number of free and paid services in order to enumerate subdomains for a given target.
What is RedHunt’s Attack Surface Recon API?
Now, let’s talk about our Attack Surface Recon API. This API is a powerhouse of valuable Recon information such as domains, subdomains, third-party SaaS platforms, data leak details and intelligent correlations between them. The API thus enables the end-user to retrieve comprehensive insights into the digital footprint of a target from our extensive in-house database that stores a whopping 6 billion+ records. Cool right?
The most important thing is that we have a FREE PLAN for our community hackers and recon enthusiasts.
The Integration: Why It Matters
So, why should you care about this integration? Simple. By combining Subfinder’s capabilities with our API, you’re getting a more robust, efficient, and comprehensive subdomain enumeration process. Imagine having a Swiss Army knife that just added another super useful utility. That’s what this is.
How to Set Up the Integration
Ready to harness the power of Subfinder integrated with RedHunt’s Attack Surface Recon API? Follow these steps to get started seamlessly:
1. Install the Latest Version of Subfinder
Before diving into the integration, ensure you have the latest version of Subfinder installed. Subfinder requires go1.20 for a successful installation. You can conveniently install the latest version of Subfinder using the following command:
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
This ensures you have the most up-to-date and compatible version of Subfinder ready to go.
2. Get Your API Key from RedHunt
To establish the connection between Subfinder and RedHunt’s Attack Surface Recon API, you’ll need an API key from RedHunt. Head over to our Developer Portal and set up your account to obtain your API key.
Detailed instructions can be found here: https://redhuntlabs.com/blog/introducing-a-free-attack-surface-recon-api-by-redhunt-labs/
3. Test your API key
Now that you have the Attack Surface Recon API key in your inventory, let’s take it for a spin and see if it is working correctly!
Make a curl request like below along with your API key in the request header and you should get a response like below if the request was successful.
To make the testing more fun, we are sharing a one-liner for the old time’s sake so that you can test out the API key as well as use it in your existing recon process to speed up things!
curl --request GET --url 'https://reconapi.redhuntlabs.com/community/v1/domains/subdomains?domain=YOUR-DOMAIN-HERE&page_size=10' --header 'X-BLOBR-KEY: YOUR-API-KEY-HERE' | jq '.subdomains[]' -r
4. Update Subfinder’s Config File
Subfinder operates seamlessly with RedHunt Labs’ Attack Surface Recon API, but it requires a configuration update to establish the connection. This configuration file is stored in the $HOME/.config/subfinder/provider-config.yaml file. It will be automatically created when you run Subfinder for the first time.
The configuration file uses YAML format, and you can specify multiple API keys for various services. In the case of RedHunt Labs’ API, the format is ENDPOINT:API_TOKEN, like this:
Note: RedHunt Labs’s Attack Surface Recon API has different API endpoints depending on the user’s subscription. Make sure to add the appropriate endpoint before running any scans.
Also, the API token you just saw in the screenshot is a dummy.
5. Run Subfinder and Watch the Magic Happen:
With the API configuration in place, you’re all set to put Subfinder into action. Simply run Subfinder, and it will seamlessly integrate with RedHunt’s Attack Surface Recon API. Sit back, relax, and watch the magic unfold! Here is an example below:
These four straightforward steps empower you to leverage the combined power of Subfinder and our API for enhanced subdomain enumeration and reconnaissance.
Performance / Results Metrics
Curious about the tangible enhancements that the integration of Subfinder with RedHunt’s Attack Surface Recon API brings to the table? We conducted some benchmark testing, and the results are in, showing just how significant these improvements are.
In our testing, we took the target domain hackerone.com for a spin to showcase the real impact of this integration:
1. Initial Scan without the API Module
Running Subfinder in its default mode yielded a discovery of 18 subdomains associated with hackerone.com. This was the starting point for our performance evaluation.
2. Running Subfinder after Integration with our API
Subfinder, when paired with the RedHunt Labs’ Attack Surface Recon API module, unleashed its full potential. With a total of 44 subdomains unearthed, it’s almost 2.5 times more subdomains than the initial scan without the API module.
With faster queries, more consistent results, and significantly increased subdomain discovery, this collaboration promises to streamline your bug bounty and recon workflows.
Conclusion
So there you have it, folks. Subfinder now supports integration with RedHunt Labs API. Don’t just take our word for it—give it a spin and see for yourself.
Additional Resources
Eager for more cybersecurity insights and tools? We’ve got you covered! Explore these additional resources to supercharge your cybersecurity journey:
RedHunt API Portal: Dive into the RedHunt Dev Portal to access valuable documentation and most importantly, obtain your API key. It’s your gateway to unleashing the power of our Attack Surface Recon API.
Subfinder GitHub Page: For in-depth information and updates on Subfinder, visit the Subfinder GitHub page. Here, you’ll find the latest releases, documentation, and a vibrant community of users and contributors.
RedHunt Labs Blog: Stay informed about the latest developments in cybersecurity, including insights into our Attack Surface Recon API, by checking out our blog. It’s a valuable resource for staying up-to-date with industry trends and best practices.
