projectdiscovery · dogancanbakir · Nov 19, 2025 · Sep 22, 2025 · Oct 1, 2025 · Oct 1, 2025
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -58,7 +58,6 @@ jobs:
           FOFA_API_KEY: ${{secrets.FOFA_API_KEY}}
           FULLHUNT_API_KEY: ${{secrets.FULLHUNT_API_KEY}}
           GITHUB_API_KEY: ${{secrets.GITHUB_API_KEY}}
-          HUNTER_API_KEY: ${{secrets.HUNTER_API_KEY}}
           INTELX_API_KEY: ${{secrets.INTELX_API_KEY}}
           LEAKIX_API_KEY: ${{secrets.LEAKIX_API_KEY}}
           QUAKE_API_KEY: ${{secrets.QUAKE_API_KEY}}

diff --git a/.gitignore b/.gitignore
@@ -8,4 +8,5 @@ vendor/
 .idea
 .devcontainer
 .vscode
-dist
+dist
+/subfinder
diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -13,7 +13,7 @@ builds:
     - darwin
   goarch:
     - amd64
-    - 386
+    - '386'
     - arm
     - arm64
 

diff --git a/go.mod b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/minio/selfupdate v0.6.1-0.20230907112617-f11e74f84ca7 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
 	github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a // indirect
-	github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 // indirect
+	github.com/nwaples/rardecode/v2 v2.2.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
 	github.com/projectdiscovery/blackrock v0.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -231,8 +231,8 @@ github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
 github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
 github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a h1:2MaM6YC3mGu54x+RKAA6JiFFHlHDY1UbkxqppT7wYOg=
 github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a/go.mod h1:hxSnBBYLK21Vtq/PHd0S2FYCxBXzBua8ov5s1RobyRQ=
-github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78 h1:MYzLheyVx1tJVDqfu3YnN4jtnyALNzLvwl+f58TcvQY=
-github.com/nwaples/rardecode/v2 v2.0.0-beta.4.0.20241112120701-034e449c6e78/go.mod h1:yntwv/HfMc/Hbvtq9I19D1n58te3h6KsqCf3GxyfBGY=
+github.com/nwaples/rardecode/v2 v2.2.0 h1:4ufPGHiNe1rYJxYfehALLjup4Ls3ck42CWwjKiOqu0A=
+github.com/nwaples/rardecode/v2 v2.2.0/go.mod h1:7uz379lSxPe6j9nvzxUZ+n7mnJNgjsRNb6IbvGVHRmw=
 github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=
 github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=

diff --git a/pkg/passive/sources.go b/pkg/passive/sources.go
@@ -25,6 +25,7 @@ import (
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/digitorus"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/dnsdb"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/dnsdumpster"
+	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/domainsproject"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/dnsrepo"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/driftnet"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/facebook"
@@ -33,10 +34,10 @@ import (
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/github"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/hackertarget"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/hudsonrock"
-	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/hunter"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/intelx"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/leakix"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/netlas"
+	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/onyphe"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/pugrecon"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/quake"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/rapiddns"
@@ -51,6 +52,7 @@ import (
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/virustotal"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/waybackarchive"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/whoisxmlapi"
+	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/windvane"
 	"github.com/projectdiscovery/subfinder/v2/pkg/subscraping/sources/zoomeyeapi"
 	mapsutil "github.com/projectdiscovery/utils/maps"
 )
@@ -70,15 +72,16 @@ var AllSources = [...]subscraping.Source{
 	&digitorus.Source{},
 	&dnsdb.Source{},
 	&dnsdumpster.Source{},
+	&domainsproject.Source{},
 	&dnsrepo.Source{},
 	&driftnet.Source{},
 	&fofa.Source{},
 	&fullhunt.Source{},
 	&github.Source{},
 	&hackertarget.Source{},
-	&hunter.Source{},
 	&intelx.Source{},
 	&netlas.Source{},
+	&onyphe.Source{},
 	&leakix.Source{},
 	&quake.Source{},
 	&pugrecon.Source{},
@@ -95,6 +98,7 @@ var AllSources = [...]subscraping.Source{
 	&virustotal.Source{},
 	&waybackarchive.Source{},
 	&whoisxmlapi.Source{},
+	&windvane.Source{},
 	&zoomeyeapi.Source{},
 	&facebook.Source{},
 	// &threatminer.Source{}, // failing  api

diff --git a/pkg/passive/sources_test.go b/pkg/passive/sources_test.go
@@ -26,13 +26,15 @@ var (
 		"dnsdumpster",
 		"dnsdb",
 		"dnsrepo",
+		"domainsproject",
 		"driftnet",
 		"fofa",
 		"fullhunt",
 		"github",
 		"hackertarget",
 		"intelx",
 		"netlas",
+		"onyphe",
 		"quake",
 		"pugrecon",
 		"rapiddns",
@@ -48,8 +50,8 @@ var (
 		"virustotal",
 		"waybackarchive",
 		"whoisxmlapi",
+		"windvane",
 		"zoomeyeapi",
-		"hunter",
 		"leakix",
 		"facebook",
 		// "threatminer",
@@ -72,22 +74,24 @@ var (
 		"crtsh",
 		"digitorus",
 		"dnsdumpster",
+		"domainsproject",
 		"dnsrepo",
 		"driftnet",
 		"fofa",
 		"fullhunt",
 		"hackertarget",
 		"intelx",
+		"onyphe",
 		"quake",
 		"redhuntlabs",
 		"robtex",
 		// "riddler", // failing due to cloudfront protection
 		"rsecloud",
 		"securitytrails",
 		"shodan",
+		"windvane",
 		"virustotal",
 		"whoisxmlapi",
-		"hunter",
 		"leakix",
 		"facebook",
 		// "threatminer",

diff --git a/pkg/resolve/resolve.go b/pkg/resolve/resolve.go
@@ -25,18 +25,20 @@ type ResolutionPool struct {
 
 // HostEntry defines a host with the source
 type HostEntry struct {
-	Domain string
-	Host   string
-	Source string
+	Domain              string
+	Host                string
+	Source              string
+	WildcardCertificate bool
 }
 
 // Result contains the result for a host resolution
 type Result struct {
-	Type   ResultType
-	Host   string
-	IP     string
-	Error  error
-	Source string
+	Type                ResultType
+	Host                string
+	IP                  string
+	Error               error
+	Source              string
+	WildcardCertificate bool
 }
 
 // ResultType is the type of result found
@@ -92,13 +94,13 @@ func (r *ResolutionPool) InitWildcards(domain string) error {
 func (r *ResolutionPool) resolveWorker() {
 	for task := range r.Tasks {
 		if !r.removeWildcard {
-			r.Results <- Result{Type: Subdomain, Host: task.Host, IP: "", Source: task.Source}
+			r.Results <- Result{Type: Subdomain, Host: task.Host, IP: "", Source: task.Source, WildcardCertificate: task.WildcardCertificate}
 			continue
 		}
 
 		hosts, err := r.DNSClient.Lookup(task.Host)
 		if err != nil {
-			r.Results <- Result{Type: Error, Host: task.Host, Source: task.Source, Error: err}
+			r.Results <- Result{Type: Error, Host: task.Host, Source: task.Source, Error: err, WildcardCertificate: task.WildcardCertificate}
 			continue
 		}
 
@@ -116,7 +118,7 @@ func (r *ResolutionPool) resolveWorker() {
 		}
 
 		if !skip {
-			r.Results <- Result{Type: Subdomain, Host: task.Host, IP: hosts[0], Source: task.Source}
+			r.Results <- Result{Type: Subdomain, Host: task.Host, IP: hosts[0], Source: task.Source, WildcardCertificate: task.WildcardCertificate}
 		}
 	}
 	r.wg.Done()

diff --git a/pkg/runner/banners.go b/pkg/runner/banners.go
@@ -17,7 +17,7 @@ const banner = `
 const ToolName = `subfinder`
 
 // Version is the current version of subfinder
-const version = `v2.9.0`
+const version = `v2.9.1-dev`
 
 // showBanner is used to show the banner to the user
 func showBanner() {

diff --git a/pkg/runner/enumerate.go b/pkg/runner/enumerate.go
@@ -67,6 +67,9 @@ func (r *Runner) EnumerateSingleDomainWithCtx(ctx context.Context, domain string
 				gologger.Warning().Msgf("Encountered an error with source %s: %s\n", result.Source, result.Error)
 			case subscraping.Subdomain:
 				subdomain := replacer.Replace(result.Value)
+				// check if this subdomain is actually a wildcard subdomain
+				// that may have furthur subdomains associated with it
+				isWildcard := strings.Contains(result.Value, "*."+subdomain)
 
 				// Validate the subdomain found and remove wildcards from
 				if !strings.HasSuffix(subdomain, "."+domain) {
@@ -90,10 +93,20 @@ func (r *Runner) EnumerateSingleDomainWithCtx(ctx context.Context, domain string
 					// send the subdomain for resolution.
 					if _, ok := uniqueMap[subdomain]; ok {
 						skippedCounts[result.Source]++
+						// even if it is duplicate if it was not marked as wildcard before but this source says it is wildcard
+						// then we should mark it as wildcard
+						if !uniqueMap[subdomain].WildcardCertificate && isWildcard {
+							val := uniqueMap[subdomain]
+							val.WildcardCertificate = true
+							uniqueMap[subdomain] = val
+						}
 						continue
 					}
 
-					hostEntry := resolve.HostEntry{Domain: domain, Host: subdomain, Source: result.Source}
+					hostEntry := resolve.HostEntry{Domain: domain, Host: subdomain, Source: result.Source, WildcardCertificate: isWildcard}
+					if r.options.ResultCallback != nil && !r.options.RemoveWildcard {
+						r.options.ResultCallback(&hostEntry)
+					}
 
 					uniqueMap[subdomain] = hostEntry
 					// If the user asked to remove wildcard then send on the resolve
@@ -109,6 +122,7 @@ func (r *Runner) EnumerateSingleDomainWithCtx(ctx context.Context, domain string
 		if r.options.RemoveWildcard {
 			close(resolutionPool.Tasks)
 		}
+
 		wg.Done()
 	}()
 
@@ -125,9 +139,22 @@ func (r *Runner) EnumerateSingleDomainWithCtx(ctx context.Context, domain string
 				// Add the found subdomain to a map.
 				if _, ok := foundResults[result.Host]; !ok {
 					foundResults[result.Host] = result
+					if r.options.ResultCallback != nil {
+						r.options.ResultCallback(&resolve.HostEntry{Domain: domain, Host: result.Host, Source: result.Source, WildcardCertificate: result.WildcardCertificate})
+					}
 				}
 			}
 		}
+
+		// Merge wildcard certificate information from uniqueMap into foundResults
+		// This handles cases where a later source marked a subdomain as wildcard
+		// after it was already sent to the resolution pool
+		for host, result := range foundResults {
+			if entry, ok := uniqueMap[host]; ok && entry.WildcardCertificate && !result.WildcardCertificate {
+				result.WildcardCertificate = true
+				foundResults[host] = result
+			}
+		}
 	}
 	wg.Wait()
 	outputWriter := NewOutputWriter(r.options.JSON)
@@ -162,17 +189,6 @@ func (r *Runner) EnumerateSingleDomainWithCtx(ctx context.Context, domain string
 		numberOfSubDomains = len(uniqueMap)
 	}
 
-	if r.options.ResultCallback != nil {
-		if r.options.RemoveWildcard {
-			for host, result := range foundResults {
-				r.options.ResultCallback(&resolve.HostEntry{Domain: host, Host: result.Host, Source: result.Source})
-			}
-		} else {
-			for _, v := range uniqueMap {
-				r.options.ResultCallback(&v)
-			}
-		}
-	}
 	gologger.Info().Msgf("Found %d subdomains for %s in %s\n", numberOfSubDomains, domain, duration)
 
 	if r.options.Statistics {

diff --git a/pkg/runner/outputter.go b/pkg/runner/outputter.go
@@ -19,22 +19,25 @@ type OutputWriter struct {
 }
 
 type jsonSourceResult struct {
-	Host   string `json:"host"`
-	Input  string `json:"input"`
-	Source string `json:"source"`
+	Host                string `json:"host"`
+	Input               string `json:"input"`
+	Source              string `json:"source"`
+	WildcardCertificate bool   `json:"wildcard_certificate,omitempty"`
 }
 
 type jsonSourceIPResult struct {
-	Host   string `json:"host"`
-	IP     string `json:"ip"`
-	Input  string `json:"input"`
-	Source string `json:"source"`
+	Host                string `json:"host"`
+	IP                  string `json:"ip"`
+	Input               string `json:"input"`
+	Source              string `json:"source"`
+	WildcardCertificate bool   `json:"wildcard_certificate,omitempty"`
 }
 
 type jsonSourcesResult struct {
-	Host    string   `json:"host"`
-	Input   string   `json:"input"`
-	Sources []string `json:"sources"`
+	Host                string   `json:"host"`
+	Input               string   `json:"input"`
+	Sources             []string `json:"sources"`
+	WildcardCertificate bool     `json:"wildcard_certificate,omitempty"`
 }
 
 // NewOutputWriter creates a new OutputWriter
@@ -117,7 +120,7 @@ func writeJSONHostIP(input string, results map[string]resolve.Result, writer io.
 		data.IP = result.IP
 		data.Input = input
 		data.Source = result.Source
-
+		data.WildcardCertificate = result.WildcardCertificate
 		err := encoder.Encode(&data)
 		if err != nil {
 			return err
@@ -130,7 +133,7 @@ func writeJSONHostIP(input string, results map[string]resolve.Result, writer io.
 func (o *OutputWriter) WriteHostNoWildcard(input string, results map[string]resolve.Result, writer io.Writer) error {
 	hosts := make(map[string]resolve.HostEntry)
 	for host, result := range results {
-		hosts[host] = resolve.HostEntry{Domain: host, Host: result.Host, Source: result.Source}
+		hosts[host] = resolve.HostEntry{Domain: host, Host: result.Host, Source: result.Source, WildcardCertificate: result.WildcardCertificate}
 	}
 
 	return o.WriteHost(input, hosts, writer)
@@ -175,6 +178,7 @@ func writeJSONHost(input string, results map[string]resolve.HostEntry, writer io
 		data.Host = result.Host
 		data.Input = input
 		data.Source = result.Source
+		data.WildcardCertificate = result.WildcardCertificate
 		err := encoder.Encode(data)
 		if err != nil {
 			return err
@@ -223,11 +227,12 @@ func writeSourcePlainHost(_ string, sourceMap map[string]map[string]struct{}, wr
 	for host, sources := range sourceMap {
 		sb.WriteString(host)
 		sb.WriteString(",[")
-		sourcesString := ""
+		var sourcesString strings.Builder
 		for source := range sources {
-			sourcesString += source + ","
+			sourcesString.WriteString(source)
+			sourcesString.WriteRune(',')
 		}
-		sb.WriteString(strings.Trim(sourcesString, ", "))
+		sb.WriteString(strings.TrimSuffix(sourcesString.String(), ","))
 		sb.WriteString("]\n")
 
 		_, err := bufwriter.WriteString(sb.String())
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,4 +8,5 @@ vendor/ @@
     .idea
     .devcontainer
     .vscode
-    dist
+    dist
+    /subfinder