AI Hub Icon
AIBit Discover Open Source Projects
Home / Practical Open Source Projects

OneForAll: Ultimate Subdomain Enumeration Tool

April 09, 2026
Category: Practical Open Source Projects
Tags:
OSINT Recon subdomain-enumeration pentest-tool bugbounty

OneForAll: The Ultimate Subdomain Enumeration Framework

What is OneForAll?

OneForAll is a comprehensive Python-based subdomain collection tool designed to solve the pain points of existing reconnaissance tools. With over 50 collection modules, automatic validation, brute-forcing, and takeover detection, it's become a go-to tool for penetration testers, bug bounty hunters, and security researchers.

9.7k GitHub stars and 1.4k forks prove its popularity in the cybersecurity community.

Key Features

πŸš€ Massive Collection Capabilities

  • Certificate Transparency (6 modules: crt.sh, Censys, Google CT, etc.)
  • DNS Datasets (24 modules: RapidDNS, SecurityTrails, VirusTotal, etc.)
  • Search Engines (18 modules: Google, Baidu, Fofa, Shodan, etc.)
  • Threat Intelligence (AlienVault, ThreatBook, RiskIQ)

⚑ Lightning Fast Performance

  • MassDNS integration: 350,000+ DNS resolutions per second
  • Multi-threaded collection modules
  • Async DNS parsing & HTTP requests

πŸ›‘οΈ Comprehensive Validation

  • Automatic DNS resolution
  • HTTP banner grabbing & title extraction
  • Subdomain takeover detection
  • Port scanning (80, custom ranges)

πŸ”„ Advanced Discovery Techniques

  • Subdomain brute-forcing with custom fuzzing
  • Subdomain crawling from JavaScript & responses
  • Subdomain replacement techniques
  • Certificate altname extraction

Quick Start

git clone https://github.com/shmilylty/OneForAll.git
cd OneForAll
pip3 install -r requirements.txt
python3 oneforall.py --target example.com run

Results saved as: example.com.csv, SQLite database, and aggregated results.

Docker Deployment

docker run -it --rm -v ~/results:/OneForAll/results shmilylty/oneforall --target example.com run

Why Choose OneForAll?

Feature OneForAll Others
Modules 50+ 5-20
Speed MassDNS 350k/s Standard resolvers
Validation Full (DNS+HTTP+Takeover) Basic
Export CSV/JSON/SQLite TXT only
Maintenance Active (2025 commits) Stale

Use Cases

  1. Penetration Testing: Complete subdomain discovery
  2. Bug Bounty: Find forgotten subdomains for takeovers
  3. Asset Discovery: Map complete attack surface
  4. Red Teaming: Information gathering automation

Pro Tips

# Only export alive subdomains
python3 oneforall.py --target example.com --valid True run

# Enable brute forcing
python3 oneforall.py --target example.com --brute True run

# Custom ports
python3 oneforall.py --target example.com --port large run

# Batch processing
python3 oneforall.py --targets domains.txt run

OneForAll combines the best features from tools like Sublist3r, Amass, and Subfinder into one powerful framework. Download today and supercharge your reconnaissance workflow!

⚠️ Legal Notice: Only use on targets you have explicit permission to test.

Original Article: View Original

Share this article