Getting Started with the Acunetix Subdomain Scanner (2024)

Getting Started with the Acunetix Subdomain Scanner (1) Ian Muscat |

The Subdomain Scanner is one of the tools in the Acunetix Manual Tools suite for penetration testers. The Acunetix Manual Tools Suite is a set of tools for penetration testing, ethical hacking, and attack surface information gathering. The tools are free for commercial use but they are not open-source.

The Subdomain Scanner is a subdomain discovery tool. It allows you to run a scan for a top-level domain name to discover target organization subdomains configured in its hierarchy.

The Subdomain Scanner uses the target domain’s DNS server (or any other DNS server specified) to scan the DNS records for possible subdomains. While scanning, the Subdomain Scanner will also automatically identify if the domain being scanned uses wildcards (* It uses DNS servers and DNS enumeration based on common subdomain names. It does not brute-force subdomains and it does not use SSL certificates, public search engines, reverse DNS PTR records, DNS zone transfers, or other similar scan methods.

To find subdomains, launch the Acunetix Tools application and select the Subdomain Scanner from the Tools Explorer.

Getting Started with the Acunetix Subdomain Scanner (2)

The top pane of the Subdomain Scanner is where you’ll see the results of the subdomain scan. The bottom pane displays the HTTP response headers and data received from the server.

Scan a Domain

You may either use the target’s DNS server to for DNS lookups (default) or, alternatively, you may specify a DNS server of your choice to resolve DNS queries and gather subdomain information.

Getting Started with the Acunetix Subdomain Scanner (3)

You may also choose to alter the default timeout (10 seconds by default). Increasing the timeout value may be useful if DNS requests are timing out. Click the Start button in the top-right corner to begin subdomain enumeration.

Analyze Results

Domains are displayed as soon as they are discovered in the bottom pane. Additionally, the Subdomain Scanner also checks for the presence of web servers for a given subdomain. If found, the server’s IP address and web server banner are also retrieved.

You can right-click the discovered web server to send custom requests using the HTTP Editor, as well as export the list of discovered web servers as a CSV file.

Acunetix is an automated web application security scanner and vulnerability management platform. In addition, Acunetix also provides a suite of manual pentesting tools that allow users to quickly and easily confirm and take automated testing further.

Get the latest content on web security
in your inbox each week.


Getting Started with the Acunetix Subdomain Scanner (4)

Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.

Getting Started with the Acunetix Subdomain Scanner (2024)
Top Articles
Latest Posts
Article information

Author: Jeremiah Abshire

Last Updated:

Views: 5624

Rating: 4.3 / 5 (54 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Jeremiah Abshire

Birthday: 1993-09-14

Address: Apt. 425 92748 Jannie Centers, Port Nikitaville, VT 82110

Phone: +8096210939894

Job: Lead Healthcare Manager

Hobby: Watching movies, Watching movies, Knapping, LARPing, Coffee roasting, Lacemaking, Gaming

Introduction: My name is Jeremiah Abshire, I am a outstanding, kind, clever, hilarious, curious, hilarious, outstanding person who loves writing and wants to share my knowledge and understanding with you.