惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
P
Privacy International News Feed
Security Latest
Security Latest
Spread Privacy
Spread Privacy
NISL@THU
NISL@THU
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Last Watchdog
The Last Watchdog
S
Schneier on Security
Engineering at Meta
Engineering at Meta
Google Online Security Blog
Google Online Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Cyberwarzone
Cyberwarzone
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
A
Arctic Wolf
博客园 - 聂微东
I
Intezer
腾讯CDC
罗磊的独立博客
T
Tailwind CSS Blog
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
L
Lohrmann on Cybersecurity
人人都是产品经理
人人都是产品经理
C
Cybersecurity and Infrastructure Security Agency CISA
博客园 - 【当耐特】
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
W
WeLiveSecurity
N
News and Events Feed by Topic
SecWiki News
SecWiki News
S
Security Affairs
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
F
Fortinet All Blogs
T
Troy Hunt's Blog
N
News and Events Feed by Topic
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
酷 壳 – CoolShell
酷 壳 – CoolShell
M
MIT News - Artificial intelligence
I
InfoQ
Hacker News: Ask HN
Hacker News: Ask HN
T
The Blog of Author Tim Ferriss
Schneier on Security
Schneier on Security
Hacker News - Newest:
Hacker News - Newest: "LLM"
Vercel News
Vercel News
博客园 - 三生石上(FineUI控件)
D
Darknet – Hacking Tools, Hacker News & Cyber Security

Mapping the <mark>Internet</mark> on Netlas: Comprehensive Internet-Wide Scanning & OSINT Platform

Weaponized RMM: Hunting the Adversary Abuse of Remote Monitoring Tools Device Code Phishing: Technical Analysis and Proactive Hunting via Netlas Discovering Data Exposure with Netlas Telegram Bot API Abuse - Netlas Blog Using OWASP Amass with Netlas Module - Netlas Blog How we hunt C2 infrastructure at RST Cloud using Netlas - Netlas Blog Using Uncover with Netlas.io module - Netlas Blog Netlas Updates Terms and API & Data License Agreement - Netlas Blog Top 10 Hacking Devices for Ethical Hackers in 2026 - Netlas Blog Inside ClickFix: How Fake Prompts Took Over the Web Top 10 Critical Threat Actors to Watch in 2026: Ransomware, APTs & Defensive Strategies - Netlas Blog Bug Bounty 101 - A Complete Bug Bounty Roadmap for Beginners (2026) - Netlas Blog Supply Chain Attack - How Attackers Weaponize Software Supply Chains - Netlas Blog The Evolution of C2: Centralized to On-Chain - Netlas Blog From Starlink to Star Wars - The Real Cyber Threats in Space - Netlas Blog LLM Vulnerabilities: Why AI Models Are the Next Big Attack Surface - Netlas Blog When AI Turns Criminal: Deepfakes, Voice-Cloning & LLM Malware - Netlas Blog Zero-Click Exploits - Netlas Blog When Patches Fail: An Analysis of Patch Bypass and Incomplete Security - Netlas Blog I Analysed Over 3 Million Exposed Databases Using Netlas - Netlas Blog Post-Quantum Now: From AES & RSA to ML-KEM Hybrids - Netlas Blog Bug Bounty 101: Top 10 Reconnaissance Tools - Netlas Blog Mapping Dark Web Infrastructure - Netlas Blog Top Vibe-Coding Security Risks - Netlas Blog From Chaos to Control: Kanvas Incident Management Tool - Netlas Blog Bug Bounty 101: The Best Courses to Get Started in 2025 - Netlas Blog I, Robot + NIST AI RMF = Complete Guide on Preventing Robot Rebellion - Netlas Blog The $1.5B Bybit Hack & How OSINT Led to Its Attribution - Netlas Blog Hannibal Stealer: A Deep Technical Analysis - Netlas Blog Proactive Threat Hunting: Techniques to Identify Malicious Infrastructure - Netlas Blog The Pyramid of Pain: Beyond the Basics - Netlas Blog SOCMINT: Intelligence in the Social Media Era - Netlas Blog Hannibal Stealer vs. Browser Security - Netlas Blog The Largest Data Breach Ever? How Hackers Stole 16 Billion Credentials - Netlas Blog DNS Cache Poisoning – Is It Still Relevant? - Netlas Blog Modern Cybercrime: Who’s Behind It and Who’s Stopping It - Netlas Blog AI-Driven Attack Surface Discovery - Netlas Blog Netlas vs Urlscan: Tools Comparison - Netlas Blog Track Adversary Infrastructure Challenge 2025 Recap - Netlas Blog What is Threat Intelligence - Netlas Blog Netlas vs IPinfo: Tools Comparison - Netlas Blog Best Nmap Alternatives - Netlas Blog Whois History: How to Check the Domain Owner History - Netlas Blog Top WHOIS & RDAP Tools for Fast IP Address Lookup - Netlas Blog ASN Lookup Explained: Tools, Methods & Insights - Netlas Blog How to Detect CVEs Using Nmap Vulnerability Scan Scripts - Netlas Blog Nmap Cheat Sheet: Top 10 Scan Techiques - Netlas Blog Netlas vs ZoomEye: Platforms Comparison - Netlas Blog Top 6 Most Widely Used Port Scanners in Cybersecurity - Netlas Blog FAQ: Understanding Root DNS Servers and the Root Zone - Netlas Blog Domain Recon: Must-Know Tools for Security Professionals - Netlas Blog DNS History: Exploring Domains Past by Inspecting DNS Trails - Netlas Blog DNSSEC: Should You Use It? An Expert’s View on the Pros, Cons, and When to Implement - Netlas Blog Which DNS Servers Offer the Best Balance of Speed, Security, and Privacy? - Netlas Blog theHarvester: a Classic Open Source Intelligence Tool - Netlas Blog - Netlas Blog Top 15 OSINT Tools for Expert Intelligence Gathering - Netlas Blog A Deep Dive into the Open Web Application Security Project Top 10 Vulnerabilities - Netlas Blog Netlas Chrome and Firefox Extensions - Netlas Blog Netlas vs Censys: Platforms Comparison - Netlas Blog OSINT in Cybersecurity: Exploring Its Spectrum and Tech - Netlas Blog Best Honeypots for Detecting Network Threats - Netlas Blog Using Maltego with Netlas Module - Netlas Blog Using theHarvester with Netlas - Netlas Blog Using TLDFinder with Netlas - Netlas Blog Netlas vs Fofa: Platforms Comparison - Netlas Blog Netlas vs Shodan: Platforms Comparison - Netlas Blog Google Dorking in Cybersecurity - Netlas Blog 7 Tools for Web Penetration Testing - Netlas Blog Using DNS History in Cybersecurity - Netlas Blog Mastering Online Camera Searches - Netlas Blog Best Attack Surface Visualization Tools - Netlas Blog Complete Guide on Attack Surface Discovery - Netlas Blog How to find unprotected databases with Netlas.io: Chapter 2 - Netlas Blog
Using Subfinder with Netlas Module - Netlas Blog
Vyacheslav Makhrov · 2025-02-07 · via Mapping the <mark>Internet</mark> on Netlas: Comprehensive Internet-Wide Scanning & OSINT Platform

Subfinder is a utility from ProjectDiscovery designed for passively list subdomains. It is distinguished by its speed, abundance of available sources, ease of setup, and its popularity. Moreover, relatively recently, the ProjectDiscovery team integrated Netlas into their tool, adding a new search module.

This article will tell you exactly how to connect Netlas when using Subfinder, what settings you need to make in the configuration file, and what restrictions you may encounter.

Installing

Installing the utility is quite simple. There are three options in total:

  1. Build from sources using the go command. This method will be described in more detail.

  2. Download the archive of the required release and unpack it.

  3. Clone the repository from GitHub and use the build command.

Let’s focus on the first method. First, you need to check if the Go language is installed on your device and if its version meets the requirements of the tool. To do this, enter the following command in the terminal:

The result should be something like this:

Go Version Go Version

If you do not have the language or the required version (min. 1.21), you can install it via snap using the following command:

Once you download the language pack, you can proceed directly to installing Subfinder. To do this, ProjectDiscovery recommends the command:

go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest

Installing complete!

Configuration

In general, you can already use Subfinder. However, the purpose of this article is to connect the Netlas module to it. Therefore, the next step will be setting up the configuration file.

Here we need to make changes to two files at once: config.yaml and provider-config.yaml. Go to the subfinder directory and check for their presence.

  • on the Debian-based systems
  • on the MacOS
    /Users/user/Library/Application Support/subfinder

If the directory is empty or missing, run Subfinder using the command:

This will give you a short list of settings and options for the utility. It should look like the following image:

Subfinder Settings Subfinder Settings

After this, return to the $HOME/.config/subfinder directory.

So what do we need to configure? Let’s start by entering the API key. Open provider-config.yaml, find the line dedicated to Netlas, and add your API key in square brackets. It is simple.

Insert API Key Insert API Key

The next step is to configure the frequency of calls to the API. The fact is that Netlas does not return results more than once per second. The developers at ProjectDiscovery considered this by setting a wait in the code, but in my testing, it turned out that this limitation does not always work. Therefore, it is better to configure the delay separately in the configuration file.

To do this, open config.yaml. There you need to find the rate-limits line, uncomment it, and add the line “netlas=1/s” in square brackets. It will look like this:

Netlas API Rate Netlas API Rate

This completes the basic setup required to use the Netlas module inside Subfinder. You can also read the configuration files yourself in case you need to connect other tools, such as Shodan or Censys. I will move on to examples of use.

Usage

Let’s start with Subfinder flags.

The -d or -dL flags are used to specify the target domain. The first implies that you are looking for subdomains for only one domain name (I will use this one in the examples), and the second is for a number of names.

Next, you need to specify the data source. The flags used here are -s (one source, will be used in the examples), -recursive (only sources that support recursive search of subdomains are launched), -all (all sources, slowest mode), and -es (excluding some sources from the list).

Thus, to search for subdomains using the Netlas module, we can use the following command:

subfinder -d target.com -s netlas

This command should return all subdomains of the target.com site. Let’s launch it.

target.com exploration target.com exploration

A total of 1982 subdomains were found. By opening netlas.io, you can verify that this is exactly how much is stored in the Netlas database.

Subdomains in Netlas Subdomains in Netlas

Conclusion

Many information security professionals prefer a powerful tool such as Subfinder. In turn, Netlas is one of the best IoT search engines. Their combination can give you truly high-quality reconnaissance, and the connection of some other sources, such as Shodan and Censys, will leave no chance for the surface being explored to hide something.

What is your choise

I can show you how deep the Internet really goes

Discover exposed assets, infrastructure links, and threat surfaces across the global Internet.