Sub Intel

Quiet recon for loud wins.

Sub Intel aggregates passive subdomain evidence from RapidDNS, AlienVault, Certspotter, crt.sh, LeakIX, Anubis, and HackerTarget are optionally enriching with Shodan, recon provide a deduplicated, timestamped inventory for external-attack-surface discovery.

Join our community server →

Note: Some services block browser requests; set a CORS proxy in Settings to fix it.

* Nothing is stored externally; all data remains local.

By clicking on Fetch, you agree to our Legal / Usage Notice

Use Sub Intel only against assets you own or have explicit authorization to test. Sub Intel aggregates publicly available information; it performs no active scanning by default. Hidden Investigations is not responsible for unauthorized use.

Target Domain

Enter a domain and select the sources you want to hit.

Sources

Results

All unique subdomains will be shown here.

0 found 
Results will appear here...

Settings / API Keys

Some data sources (like Shodan) need an API key. These values are saved in your browser (localStorage).

Required if you check “Shodan”.

Use this if you hit Certspotter rate-limits.

Useful when browser blocks cross-origin requests.