Subdomain Finder - Android App
A simple and powerful Android application for passive subdomain enumeration, based on the ProjectDiscovery Subfinder tool.
Features
- Passive Enumeration: Uses only passive sources (no active scanning)
- Multiple Sources: Queries 5 different sources:
- crt.sh (Certificate Transparency logs)
- HackerTarget API
- ThreatCrowd API
- AlienVault OTX
- RapidDNS
- Material Design UI: Clean, modern interface
- Fast & Parallel: All sources queried simultaneously using Kotlin coroutines
- Export Results: Share/export subdomain lists as text files
- No API Keys Required: All sources are free and don't require authentication
How It Works
The app implements the same core logic as Subfinder:
- Input: User enters a domain (e.g.,
example.com) - Query: App queries multiple passive DNS/security sources in parallel
- Extract: Subdomains are extracted from API responses
- Deduplicate: All results are combined and duplicates removed
- Display: Sorted list of unique subdomains shown in the app
Building the APK
Prerequisites
- Android Studio (latest version) OR
- Android SDK Command Line Tools
- JDK 8 or higher
Method 1: Using Android Studio
- Open Android Studio
- Click "Open Project"
- Navigate to the
subfinder-androidfolder - Wait for Gradle sync to complete
- Click Build → Build Bundle(s) / APK(s) → Build APK(s)
- APK will be generated in:
app/build/outputs/apk/debug/app-debug.apk
Method 2: Using Command Line
# Navigate to the project directory cd subfinder-android # Make gradlew executable (Linux/Mac) chmod +x gradlew # Build debug APK ./gradlew assembleDebug # For release APK (requires signing) ./gradlew assembleRelease
The APK will be located at:
- Debug:
app/build/outputs/apk/debug/app-debug.apk - Release:
app/build/outputs/apk/release/app-release-unsigned.apk
Method 3: Direct Gradle Build (if you have gradle installed)
cd subfinder-android
gradle assembleDebugInstalling the APK
On Your Android Device:
- Transfer the APK to your device
- Enable "Install from Unknown Sources" in Settings
- Open the APK file and tap Install
Using ADB:
adb install app/build/outputs/apk/debug/app-debug.apk
Usage
- Launch the app
- Enter a domain name (e.g.,
hackerone.com) - Tap "Start Scan"
- Wait for results (typically 10-30 seconds)
- View the discovered subdomains
- Tap "Export" to share/save the results
Minimum Requirements
- Android 7.0 (API Level 24) or higher
- Internet connection
Technical Details
Architecture
SubdomainFinder (Main Engine)
├── SubdomainSource (Interface)
│ ├── CrtShSource
│ ├── HackerTargetSource
│ ├── ThreatCrowdSource
│ ├── AlienVaultSource
│ └── RapidDnsSource
├── MainActivity (UI)
└── SubdomainAdapter (RecyclerView)
Technologies Used
- Language: Kotlin
- UI: Material Design 3
- Async: Kotlin Coroutines
- HTTP: OkHttp3
- JSON: org.json
- Min SDK: 24 (Android 7.0)
- Target SDK: 34 (Android 14)
Comparison with Original Subfinder
| Feature | Original Subfinder | This Android App |
|---|---|---|
| Sources | 40+ sources | 5 free sources |
| API Keys | Optional | Not required |
| Platform | CLI (Linux/Mac/Windows) | Android Mobile |
| Language | Go | Kotlin |
| DNS Resolution | Yes | No |
| Wildcard Filtering | Yes | No |
| Speed | Very Fast | Fast |
| UI | Command Line | Material Design GUI |
Limitations
- Fewer sources than the original tool (5 vs 40+)
- No DNS resolution verification
- No wildcard filtering
- No recursive enumeration
- Some sources may rate-limit requests
Future Enhancements
- Add more free sources (VirusTotal, URLScan, etc.)
- Implement DNS resolution
- Add source selection options
- Save scan history
- Dark mode support
- Subdomain filtering/sorting options
License
This project is inspired by ProjectDiscovery's Subfinder. Use responsibly and ethically.
Disclaimer
This tool is for educational and authorized security testing purposes only. Always obtain proper authorization before scanning any domain you don't own.
Credits
- Original Subfinder by ProjectDiscovery
- Android implementation based on Subfinder's passive enumeration logic