.png)
3 hours ago
1
A simple and powerful Android application for passive subdomain enumeration, based on the ProjectDiscovery Subfinder tool.
- Passive Enumeration: Uses only passive sources (no active scanning)
- Multiple Sources: Queries 5 different sources:
- crt.sh (Certificate Transparency logs)
- HackerTarget API
- ThreatCrowd API
- AlienVault OTX
- RapidDNS
- Material Design UI: Clean, modern interface
- Fast & Parallel: All sources queried simultaneously using Kotlin coroutines
- Export Results: Share/export subdomain lists as text files
- No API Keys Required: All sources are free and don't require authentication
The app implements the same core logic as Subfinder:
- Input: User enters a domain (e.g., example.com)
- Query: App queries multiple passive DNS/security sources in parallel
- Extract: Subdomains are extracted from API responses
- Deduplicate: All results are combined and duplicates removed
- Display: Sorted list of unique subdomains shown in the app
- Android Studio (latest version) OR
- Android SDK Command Line Tools
- JDK 8 or higher
- Open Android Studio
- Click "Open Project"
- Navigate to the subfinder-android folder
- Wait for Gradle sync to complete
- Click Build → Build Bundle(s) / APK(s) → Build APK(s)
- APK will be generated in: app/build/outputs/apk/debug/app-debug.apk
# Navigate to the project directory
cd subfinder-android
# Make gradlew executable (Linux/Mac)
chmod +x gradlew
# Build debug APK
./gradlew assembleDebug
# For release APK (requires signing)
./gradlew assembleRelease
The APK will be located at:
- Debug: app/build/outputs/apk/debug/app-debug.apk
- Release: app/build/outputs/apk/release/app-release-unsigned.apk
cd subfinder-android
gradle assembleDebug
- Transfer the APK to your device
- Enable "Install from Unknown Sources" in Settings
- Open the APK file and tap Install
adb install app/build/outputs/apk/debug/app-debug.apk
- Launch the app
- Enter a domain name (e.g., hackerone.com)
- Tap "Start Scan"
- Wait for results (typically 10-30 seconds)
- View the discovered subdomains
- Tap "Export" to share/save the results
- Android 7.0 (API Level 24) or higher
- Internet connection
SubdomainFinder (Main Engine)
├── SubdomainSource (Interface)
│ ├── CrtShSource
│ ├── HackerTargetSource
│ ├── ThreatCrowdSource
│ ├── AlienVaultSource
│ └── RapidDnsSource
├── MainActivity (UI)
└── SubdomainAdapter (RecyclerView)
- Language: Kotlin
- UI: Material Design 3
- Async: Kotlin Coroutines
- HTTP: OkHttp3
- JSON: org.json
- Min SDK: 24 (Android 7.0)
- Target SDK: 34 (Android 14)
| Sources | 40+ sources | 5 free sources |
| API Keys | Optional | Not required |
| Platform | CLI (Linux/Mac/Windows) | Android Mobile |
| Language | Go | Kotlin |
| DNS Resolution | Yes | No |
| Wildcard Filtering | Yes | No |
| Speed | Very Fast | Fast |
| UI | Command Line | Material Design GUI |
- Fewer sources than the original tool (5 vs 40+)
- No DNS resolution verification
- No wildcard filtering
- No recursive enumeration
- Some sources may rate-limit requests
- Add more free sources (VirusTotal, URLScan, etc.)
- Implement DNS resolution
- Add source selection options
- Save scan history
- Dark mode support
- Subdomain filtering/sorting options
This project is inspired by ProjectDiscovery's Subfinder. Use responsibly and ethically.
This tool is for educational and authorized security testing purposes only. Always obtain proper authorization before scanning any domain you don't own.
- Original Subfinder by ProjectDiscovery
- Android implementation based on Subfinder's passive enumeration logic
