Browser-Native Subdomain Scanner
Zero-Trust Utilities
What is Browser-Native Subdomain Scanner?
How it works
Features & Benefits
- 100% Private: Scan targets never touch any utility servers; queries go direct to public DoH providers
- Concurrent Scanning: Fast, throttled client-side resolution avoids browser rate limits and hangs
- CSV/JSON Export: Save discovered subdomains along with their IP resolutions instantly
- Offline Ready: The scanner code and default wordlist load once and run entirely on your local machine
Frequently Asked Questions
Is this scanner as fast as command line tools?
Because it is subject to browser fetch connection limits and CORS, it is designed for targeted discovery (using 50-200 common names) rather than brute-forcing millions of combinations.
Why does it use DNS-over-HTTPS instead of native socket connection?
Web browsers cannot make raw UDP/TCP DNS queries. DoH allows us to query DNS records via standard secure HTTP fetch requests.
Can I use custom wordlists?
Yes, you can edit the list of subdomains in the options section before launching the scan.
Related Tools
Analyze DNS records (MX, SPF, DMARC, TXT) to identify email spoofing risks and domain security configurations privately in your browser.
Test if your browser autofill is leaking hidden data to websites. Interactive simulation of the 'hidden field' attack.
Popular Utilities
Format, validate, and minify JSON instantly in your browser. Your data never leaves your device.
Decode JWT tokens and inspect header and payload instantly in your browser. Your tokens never leave your device.
Count words, characters, sentences, and estimate reading time instantly in your browser. No sign-up required.