使用子域名查询工具搜索域名所有的子域名

子域名查询的优势

• 数据每日更新

  Each subdomain search gives you a list of all the subdomains of a domain from a large database gathered in over a decade of data crawling and growing by over 15 million subdomains daily on average.

• 结果快速响应

  只需搜索一个域名，即刻获得任何目标域名的即时子域名信息。

• 便利

  借助方便快捷的子域名查询API，无需再进行手动子域名研究。

Frequently Asked Questions

What is a subdomain?

A subdomain is a subdivision of a main domain name that helps organize and navigate different sections of a website. It functions as a separate address within the main domain but remains part of the same root domain. For example, in subdomains.whoisxmlapi.com, subdomains is the subdomain, whoisxmlapi.com is the primary domain name, and .com is the top-level domain (TLD).

What information will I receive from a subdomain lookup?

When you perform a subdomain lookup, the tool lists all subdomains of a domain name that it was able to discover. While no lookup tool can guarantee 100% coverage, ours is usually close. It will also show the dates when they were first seen and last updated.

How does the Subdomain Lookup work?

When a user queries the WhoisXML API’s Subdomain Lookup tool, the request is sent to a massive, precompiled database that was built over the course of more than 10 years through continuous passive subdomain discovery techniques, such as DNS record analysis and browsing SSL certificates and certificate transparency logs.

This subdomains database is updated daily to ensure that the data remains as accurate and fresh as possible, especially since the Subdomain Lookup is commonly used as a recon tool.

What makes the WhoisXML API’s Subdomain Lookup tool different?

WhoisXML API’s Subdomain Lookup stands out for its speed and accuracy. It returns a list of subdomains for any given root domain within a few seconds. In addition, the subdomain discovery tool uses a combination of techniques, including advanced algorithms and a regularly updated DNS records database, to provide a comprehensive list of subdomains. The subdomain data can be accessed through three different consumption models:

• Subdomains Lookup API: this consumption model is designed for developers and technical users who want to integrate the API into their own applications, scripts, or workflows to perform large-scale, automated subdomain searches and retrieve the data in a structured format like JSON or XML. Subdomain Lookup API can now be accessed using your favorite LLM, with WhoisXML API’s MCP server. The same Subdomains Lookup API key is needed to set up the MCP server.
• Subdomains Lookup GUI: this is a web-based and user-friendly platform where users can enter a domain name into the search bar, click the “Lookup” button, and view the results directly on the webpage.
• Subdomains Database Download: this model is for users who require the entire dataset for offline analysis or integration into their internal systems. Instead of making individual queries, users can download the complete database of subdomains in a large CSV file.

Does the Subdomain Lookup Tool provide accurate data?

Yes, WhoisXML API provides highly accurate and regularly updated subdomain data, as it pulls information from multiple sources, including DNS records and certificate transparency logs.

Can I automate subdomain scans?

Yes, you can automate subdomain scans using the Subdomains Lookup API. The API responses are in JSON and XML formats, making the tool compatible with popular coding languages. Please check the API docs to see how to use the API in your workflows.

What can I do after I find subdomains?

After you find subdomains, you can use the information for various purposes. Here are a few things most organizations do with their subdomains list:

• Asset management: Subdomain enumeration helps organizations find all subdomains of a domain, including forgotten or overlooked subdomains (e.g., shadow IT). This list is combined with other digital assets, allowing security professionals to map out attack surfaces for security assessments or bug bounty hunting.
• Vulnerability scanning and penetration testing: Once you have a list of subdomains, you can start checking each subdomain for security issues, such as misconfigurations, outdated software, unpatched systems, and vulnerabilities. A forgotten or unmanaged subdomain can be a major entry point for attackers, and vulnerability scanners or penetration testers can uncover these weak spots.
• Threat hunting: Security researchers and bug bounty hunters analyze subdomains for potential phishing campaigns or malicious activities. Subdomain takeover is a well-known technique used for impersonation, cookie theft, and phishing.
• Website infrastructure management: Subdomain lookup can also be used for managing the website infrastructure since a subdomains list can help developers visualize how different services (e.g., blog., api., support.) are hosted and interconnected.