recon.subfinder
Discover subdomains for target domains using automated reconnaissance to identify potential attack surfaces for security testing.
Instructions
Run subfinder to discover subdomains for a domain
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Target domain | |
| silent | No | Silent mode |
Implementation Reference
- src/tools/recon.ts:25-56 (handler)The handler function that executes the subfinder CLI tool: checks if subfinder is installed, runs it with the domain argument (optionally silent), parses subdomains from stdout, saves results to Postgres and Redis, and returns formatted ToolResult.async ({ domain, silent = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('subfinder'); if (!exists) { return formatToolResult( false, null, 'subfinder not found. Install from: https://github.com/projectdiscovery/subfinder' ); } const args = ['-d', domain]; if (silent) args.push('-silent'); const result = await runCommand('subfinder', args); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0); await saveTestResult(domain, 'subfinder', true, { subdomains }); await setWorkingMemory(`recon:${domain}:subdomains`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'subfinder', false, null, error.message); return formatToolResult(false, null, error.message); } }
- src/tools/recon.ts:16-23 (schema)Input schema for the recon.subfinder tool, defining 'domain' as required string and 'silent' as optional boolean.inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, silent: { type: 'boolean', description: 'Silent mode', default: true }, }, required: ['domain'], },
- src/tools/recon.ts:12-57 (registration)Registration of the 'recon.subfinder' tool via server.tool() call inside registerReconTools function, which is invoked from src/index.ts.server.tool( 'recon.subfinder', { description: 'Run subfinder to discover subdomains for a domain', inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, silent: { type: 'boolean', description: 'Silent mode', default: true }, }, required: ['domain'], }, }, async ({ domain, silent = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('subfinder'); if (!exists) { return formatToolResult( false, null, 'subfinder not found. Install from: https://github.com/projectdiscovery/subfinder' ); } const args = ['-d', domain]; if (silent) args.push('-silent'); const result = await runCommand('subfinder', args); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0); await saveTestResult(domain, 'subfinder', true, { subdomains }); await setWorkingMemory(`recon:${domain}:subdomains`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'subfinder', false, null, error.message); return formatToolResult(false, null, error.message); } } );