recon.subfinder
Discover subdomains for target domains to identify potential attack surfaces during security reconnaissance.
Instructions
Run subfinder to discover subdomains for a domain
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Target domain | |
| silent | No | Silent mode |
Implementation Reference
- src/tools/recon.ts:25-56 (handler)The main handler function that executes the subfinder command for subdomain enumeration. It checks if subfinder is installed, runs the command with provided domain and optional silent flag, parses the output to extract subdomains, saves results to PostgreSQL and Redis, and returns a formatted ToolResult.async ({ domain, silent = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('subfinder'); if (!exists) { return formatToolResult( false, null, 'subfinder not found. Install from: https://github.com/projectdiscovery/subfinder' ); } const args = ['-d', domain]; if (silent) args.push('-silent'); const result = await runCommand('subfinder', args); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0); await saveTestResult(domain, 'subfinder', true, { subdomains }); await setWorkingMemory(`recon:${domain}:subdomains`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'subfinder', false, null, error.message); return formatToolResult(false, null, error.message); } }
- src/tools/recon.ts:14-23 (schema)The input schema and description for the recon.subfinder tool, defining the required 'domain' parameter and optional 'silent' boolean flag.{ description: 'Run subfinder to discover subdomains for a domain', inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, silent: { type: 'boolean', description: 'Silent mode', default: true }, }, required: ['domain'], },
- src/tools/recon.ts:12-57 (registration)The server.tool registration call that defines and registers the recon.subfinder tool with its schema and handler function.server.tool( 'recon.subfinder', { description: 'Run subfinder to discover subdomains for a domain', inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, silent: { type: 'boolean', description: 'Silent mode', default: true }, }, required: ['domain'], }, }, async ({ domain, silent = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('subfinder'); if (!exists) { return formatToolResult( false, null, 'subfinder not found. Install from: https://github.com/projectdiscovery/subfinder' ); } const args = ['-d', domain]; if (silent) args.push('-silent'); const result = await runCommand('subfinder', args); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0); await saveTestResult(domain, 'subfinder', true, { subdomains }); await setWorkingMemory(`recon:${domain}:subdomains`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'subfinder', false, null, error.message); return formatToolResult(false, null, error.message); } } );
- src/index.ts:35-35 (registration)Invocation of registerReconTools in the main server initialization, which registers all recon tools including recon.subfinder.registerReconTools(server);