Created
March 17, 2026 12:07
-
-
Save chaddoncooper/8cdda6ab9633e34405fb6b99ba8e9d5f to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 7.0 | |
| param( | |
| [string]$Domain = '', | |
| [int]$Threads = 50, | |
| [switch]$Json, | |
| [switch]$Silent, | |
| [switch]$Help | |
| ) | |
| Set-StrictMode -Version Latest | |
| $ErrorActionPreference = 'Stop' | |
| function Main { | |
| if ($Help -or [string]::IsNullOrWhiteSpace($Domain)) { | |
| Write-Host "Usage: .\Lookup.ps1 -Domain 'example.com' [-Threads 50]" | |
| exit 0 | |
| } | |
| $resultDir = Join-Path $HOME ".cache/subdomains/$([DateTimeOffset]::UtcNow.ToUnixTimeSeconds())-$Domain" | |
| New-Item -ItemType Directory -Path $resultDir -Force | Out-Null | |
| $aliveFile = Join-Path $resultDir "alive.txt" | |
| if (-not $Silent) { Write-Host " [+] Fetching subdomains from Hackertarget..." -ForegroundColor Cyan } | |
| try { | |
| # Hackertarget returns CSV format (subdomain,ip). We just want the subdomain. | |
| $url = "https://api.hackertarget.com/hostsearch/?q=$Domain" | |
| $response = Invoke-WebRequest -Uri $url -Method Get -TimeoutSec 15 -UserAgent "Mozilla/5.0" | |
| $subdomains = @($response.Content -split "`n" | ForEach-Object { | |
| ($_ -split ",")[0].Trim().ToLower() | |
| } | Where-Object { $_ -match "\.$Domain$" }) # Ensure it's actually a subdomain | |
| } | |
| catch { | |
| Write-Error "Failed to reach API. Their free tier might be rate-limited." | |
| exit 1 | |
| } | |
| if (($subdomains | Measure-Object).Count -eq 0) { | |
| Write-Host " [!] No subdomains found." -ForegroundColor Yellow | |
| exit 0 | |
| } | |
| $uniqueList = @($subdomains | Sort-Object -Unique) | |
| if (-not $Silent) { Write-Host " [+] Probing $($uniqueList.Count) domains..." -ForegroundColor Cyan } | |
| # Parallel Probing | |
| $aliveResults = @($uniqueList | ForEach-Object -Parallel { | |
| foreach ($proto in @("https://", "http://")) { | |
| try { | |
| $url = "$proto$_" | |
| $null = Invoke-WebRequest -Uri $url -Method Head -TimeoutSec 3 -ErrorAction Stop | |
| if (-not $using:Silent) { Write-Host " [OK] $url" -ForegroundColor Green } | |
| return $_ | |
| } | |
| catch { continue } | |
| } | |
| } -ThrottleLimit $Threads) | |
| $finalCount = ($aliveResults | Measure-Object).Count | |
| if ($finalCount -gt 0) { | |
| $finalList = @($aliveResults | Sort-Object -Unique) | |
| $finalList | Set-Content $aliveFile | |
| if (-not $Silent) { Write-Host " [+] Done! Found $finalCount alive domains in $resultDir" -ForegroundColor Cyan } | |
| if ($Json) { $finalList | ConvertTo-Json } else { $finalList } | |
| } | |
| else { | |
| Write-Host " [-] No domains responded." -ForegroundColor Red | |
| } | |
| } | |
| Main |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment