Getting Started with the Acunetix Subdomain Scanner

The Subdomain Scanner is one of the tools in the Acunetix Manual Tools suite (available to download for free). The Subdomain Scanner allows you to run a scan on a top-level domain to discover subdomains configured in its hierarchy.

The Subdomain Scanner uses the target domain’s DNS server (or any other DNS server specified) to scan the domain for possible subdomains. While scanning, the Subdomain Scanner will also automatically identify if the domain being scanned uses wildcards (*.domain.com).

You can start using the Subdomain Scanner by launching the Acunetix Tools application, and selecting the Subdomain Scanner from the Tools Explorer.

Subdomain Scanner

The top pane in the Subdomain Scanner is where you’ll see results of the subdomain scan. The bottom pane displays the HTTP response headers and data received from the server.

Scan a domain

You may either use the target’s DNS server to resolve DNS queries (default), or, alternatively, you may specify a DNS server of your choice to resolve DNS queries.

Scan a domain

You may also choose to alter the default timeout (10 seconds by default). Increasing the timeout value may be useful if DNS requests are timing out. Click the Start button to begin the subdomain scan.

Analyzing results

Discovered web servers are displayed as soon as they are discovered in the bottom pane. The server’s IP address and web server banner are also retrieved.

You can right-click the discovered web server to send custom requests using the HTTP Editor, as well as export the list of discovered web servers as a CSV file.


Acunetix is an automated web application security scanner and vulnerability management platform. In addition, Acunetix also provides a suite of manual pentesting tools that allow users to quickly and easily confirm and take automated testing further.

Share this post
  • Leave a Reply

    Your email address will not be published.