- otx2subdomains is a passive asset discovery scanner. This means it does not interact with the target domain or its hosts while performing a scan.
- This is done via the free OTX API and validated using Google's public DoH (DNS over HTTPS) resolvers.
- If you decide to interact with a host following a scan, it is your responsibility to verify you have the proper jurisdiction.
I am not responsible for any legal or criminal proceedings filed against you for using this tool.
otx2subdomains is written for Windows and has a few dependencies from GnuWin32.
Luckily, I wrote a tool for installing everything you need. You can run these scripts from source, or use the compiled executable binary.
If you would like to download the dependencies ad-hoc, you'll need to install gawk from here and grep from here.
Quickstart Steps:
- Download and run my compiled installer for grep, sed, & awk dependancies
- Verify the tools are added to your environment variables
- Clone the otx2subdomains repository
- Run otx2subdomains. If you are having issues accessing the dependencies from your environment vars, verify they are set and reboot your machine.
- If you find use from this, consider supporting my work on Ko-fi.
- As of this release, I'm currently consulting full-time and get paid by the project, not by my time.