Skip to main content

Subdomains,Dns records, & More!

Project description

alt text

GitHub -

pypi -


HTTP(S)-Subdomains,Dns records, & More!

  • All registered subdomains!
  • All active subdomains!
  • All Dns records!
  • Is non-intrusive - leave NO fingerprints, totally fast and totally anonymous.

SubZone - Gathers all registard subdomains for target domain, and then checks too see which ones are active subdomains, also will go through dns servers and do zonetransfer to see if any server have been miss configured and are leaking valuable information.

  • Owner/sys-admin email.
  • Owner contact info.
  • Server contact info.
  • Ip addresses.
  • Port numbers
  • Telephone numbers.
  • Location of server.
  • Other servers
  • Software.
  • & more!. (Check out dns record pics for at bottom of page for example)

This helps penetration testers and bug hunters collect and gather subdomains and information for the domain they are targeting.

Getting Started

Either Fork the latest repository or use pip to get latest version of subzone. For easy install of python package and all dependencies use - pip install subzone

Key points

Can also be used as an import to your own script/program from subdomain import subzone then use subzone.get(url) eg. subzone.get('') Will print out a list of registard domains and active domains - in color -

Example Usage:

-d (domain) is True(needed)  -o (output) is True (needed) - 
- python -d (domain) -o (output)
- python -d -o facebook.txt
- python -d -o zonetransfer.txt
  • 100%: You will get everything that can be possibly got from the domain/host all whilst leaving NO fingerprints.


Python - This is built on Python 3.6, you will need at least Python 3.5+ (might work with 3+ i haven't tested it - should not be hard to make work tho if doesn't!) to use this software. -

Libraries - You will need/use these libraries to use this software: pip install subzone - will take care of this automatically.

From the standard libraries.

  • Time : n/a
  • Socket : n/a
  • Subprocess : n/a
  • os : n/a
  • Argparse : n/a
  • Json : n/a

Not from the standard libraries.

  • Colorama : >=0.3.9
  • Requests : >=2.18.4
  • Urlib3 : >=1.22


subzone is mainly to be used in console using the commands stated above, OR you can use from subdomain import subzone in your own script/program and use the following command subzone.get('') to invoke the subdomain function in your own python code.

Usage examples with pictures

Facebook (

python -d -o facebook.txt

alt text

alt text

alt text

alt text

Zonetransfer (

python -d -o zonetransfer.txt

alt text

alt text

alt text

alt text

Output documents (-o filename.txt)

alt text

Built With


Please read [] for details on our code of conduct, and the process for submitting pull requests.


Current version: 0.2.8

Current filename:



  • I took inspiration from UnaPibaGeek and her ctfr code.(check her out, great stuff)
  • I took inspiration from DigiNinja - DigiNinja for setting up which is purposely vulnerable and not setup correctly to show how a dns server can betray you and leak information if you don't know what your doing.


This project is licensed under the MIT License - see the file for details

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

subzone-0.2.8.tar.gz (7.6 kB view hashes)

Uploaded source

Built Distribution

subzone-0.2.8-py3-none-any.whl (9.5 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page