Offensive Security

Subdomain Wordlist

Build a candidate subdomain wordlist for a target from common prefix groups plus your own custom terms. It produces text only for an authorised assessment. It does no lookups and resolves nothing itself.

Prefix groupscommon, env, infra, admin

Custom termsadd your own list

Dedupedclean unique output

Runs localbuilds text only

Telemetry

Candidates0

Domainnone

Groups on0

ModeList only

Domain

Custom terms (optional)

0 candidates

Use responsibly

Resolve this list only against domains you own or are authorised to assess.
This is a guess list, real subdomains may use names not in it, and most names here will not exist.
Feed it into a resolver you are permitted to run, never blast a target you have no authorisation for.
Use the results to find and lock down your own forgotten or exposed hosts first.

UniCybers Labs · Offensive Security Authorised testing only