Bugbounty, Downloads, Hacking Tools, Nodesub, Recon, Subdomain, Subdomain Enumeration, Subdomains, Techniques, Wordlist

Nodesub – Command-Line Tool For Finding Subdomains In Bug Bounty Programs

Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization.

  • Perform subdomain enumeration using CIDR notation (Support input list).
  • Perform subdomain enumeration using ASN (Support input list).
  • Perform subdomain enumeration using a list of domains.


To install Nodesub, use the following command:

npm install -g nodesub


  • Edit File ~/.config/nodesub/config.ini
nodesub -h

This will display help for the tool. Here are all the switches it supports.


  • Enumerate subdomains for a single domain:

     nodesub -u example.com
  • Enumerate subdomains for a list of domains from a file:

     nodesub -l domains.txt
  • Perform subdomain enumeration using CIDR:

    node nodesub.js -c -o subdomains.txt
    node nodesub.js -c CIDR.txt -o subdomains.txt
  • Perform subdomain enumeration using ASN:

    node nodesub.js -a AS12345 -o subdomains.txt
    node nodesub.js -a ASN.txt -o subdomains.txt
  • Enable recursive subdomain enumeration and output the results to a JSON file:

     nodesub -u example.com -r -o output.json -f json


The tool provides various output formats for the results, including:

  • Text (txt)
  • JSON (json)
  • CSV (csv)
  • PDF (pdf)

The output file contains the resolved subdomains, failed resolved subdomains, or all subdomains based on the options chosen.

Source : KitPloit – PenTest Tools!

Previous ArticleNext Article
Send this to a friend