SUBDOMAIN API

Subdomain Discovery API — Fast DNS Brute-Force Scanning

Uncover active subdomains for any domain in seconds. Parallel DNS resolution across 800+ common subdomain patterns with automatic wildcard detection. One API call, complete subdomain intelligence.

Start Scanning Now Try It Live

800+ patterns tested

Wildcard detection

Parallel DNS resolution

Looking for a free plan? Get 1,000 requests/month at no cost →

Live Demo

Discover Subdomains Instantly

Enter any domain to discover its active subdomains in real time.

800+

Patterns Tested

DNS Resolvers

Parallel Workers

Auto

Wildcard Detection

How It Works

Intelligent DNS Brute-Force Discovery

Our API tests 800+ common subdomain patterns against multiple public DNS resolvers simultaneously, filtering false positives from wildcard DNS configurations.

FAST

Parallel Resolution

All 800+ subdomain candidates are tested simultaneously using a pool of 25 concurrent workers. Results in seconds, not minutes.

FILTER

Wildcard Detection

Before scanning, we probe for wildcard DNS records (*.domain.com). False positives are automatically filtered from results.

DNS

Multiple Resolvers

Queries are distributed across 7 public DNS servers (Cloudflare, Google, Quad9, OpenDNS) for speed and reliability.

A + CNAME

A & CNAME Records

Each discovered subdomain returns its DNS record type (A or CNAME) with all associated IP addresses or targets.

SCOPE

Smart Wordlist

Our dictionary covers infrastructure, cloud, DevOps, marketing, security, and API subdomains — the patterns real companies actually use.

CACHE

Result Caching

Results are cached for 1 hour to speed up repeated queries. Fresh scans are performed automatically after cache expiry.

Smart Timeouts

Each DNS query has a 2-second timeout to prevent slow nameservers from blocking the entire scan. No hanging requests.

JSON

JSON & XML Output

Get results in structured JSON (default) or XML. Same format and authentication as all WhoisJSON endpoints.

Use Cases

What Developers Build with Subdomain Data

Attack Surface Discovery

Map the full external perimeter of any organization. Identify forgotten staging servers, exposed admin panels, and shadow IT. Combine with SSL checks to find expired certificates on subdomains.

SubdomainsSSLDNS

Competitive Intelligence

Discover what services competitors run — blog platforms, CDN providers, email services, staging environments. Cross-reference with WHOIS data for complete domain intelligence.

SubdomainsWHOISDNS

Bug Bounty & Pentesting

Enumerate subdomains as the first step of any security assessment. Find hidden endpoints, development servers, and misconfigurations. Pair with DNS lookups for full reconnaissance.

SubdomainsDNSWHOIS

Infrastructure Auditing

Audit your own domain infrastructure. Verify all subdomains are accounted for, check for dangling DNS records, and ensure proper SSL coverage across your entire domain portfolio.

SubdomainsSSLMonitoring

Integration

One Call, Full Subdomain Map

A single GET request scans 800+ subdomain patterns and returns all active ones with their DNS records. Same API key and authentication as all WhoisJSON endpoints.

GET

/api/v1/subdomains?domain=example.com

Authentication: Authorization: TOKEN=YOUR_API_KEY

Response: JSON (default) or XML with format=xml

Caching: Results cached for 1 hour per domain

Full API Reference

Sample response

{
  "domain": "discord.com",
  "wildcard_detected": false,
  "total_found": 8,
  "scan_time_ms": 845,
  "subdomains": [
    {
      "subdomain": "canary.discord.com",
      "type": "A",
      "ips": [
        "162.159.138.232",
        "162.159.128.233",
        "162.159.135.232"
      ],
      "status": "active"
    },
    {
      "subdomain": "cdn.discord.com",
      "type": "CNAME",
      "ips": [
        "discord.map.fastly.net"
      ],
      "status": "active"
    },
    {
      "subdomain": "status.discord.com",
      "type": "CNAME",
      "ips": [
        "stspg-direct.discord.com"
      ],
      "status": "active"
    }
  ]
}

What Is a Subdomain Discovery API?

A subdomain discovery API automates the process of finding active subdomains for any given domain. Instead of manually running DNS enumeration tools, you send a single HTTP request and receive a structured list of all discovered subdomains with their DNS records. WhoisJSON tests over 800 common subdomain patterns using parallel DNS resolution across multiple public resolvers (Cloudflare, Google, Quad9, OpenDNS), with automatic wildcard detection to eliminate false positives.

Part of the WhoisJSON Unified Platform

The Subdomain Discovery API is one of six endpoints available with every WhoisJSON account. The same API token also gives you access to WHOIS lookups, DNS record resolution, SSL certificate validation, domain availability checks, and automated domain monitoring. One token, six tools — build complete domain intelligence workflows without juggling multiple providers.

From Reconnaissance to Production

Every new account starts with 1,000 free requests per month shared across all endpoints — enough for security assessments and reconnaissance projects. Our paid plans scale to unlimited requests at up to 300 req/min with a 99.9% uptime SLA. Results are cached for 1 hour per domain. Check our FAQ or browse the full API documentation for integration details.

Free to start: 1,000 requests/month, no credit card required. One API key for subdomain scanning and all other domain tools. Get your free API key →

Ready to Map Every Subdomain?

Whether you need subdomain enumeration for security audits or competitive intelligence, WhoisJSON delivers results in seconds.

Get Started Now Compare Plans

Documentation FAQ Free plan WHOIS API