TLDHunter is a powerful DNS-based TLD (Top-Level Domain) discovery tool designed for security researchers, bug bounty hunters, and red team professionals. It efficiently combines your custom keywords with an extensive list of TLDs to discover potentially valid domain names through DNS resolution.
- 3000+ TLD Support: Automatically downloads and uses SecLists' comprehensive TLD database
- Custom TLD Lists: Support for custom TLD files for specialized reconnaissance
- Multi-Record DNS Resolution: Resolves A, AAAA, CNAME, MX, and NS records
- Flexible Output: Customizable output files with sorted, deduplicated results
- Robust Error Handling: Built-in dependency checking and input validation
- Clean Interface: Color-coded output with professional CLI design
- Temporary File Management: Automatic cleanup of temporary files
- Asset Discovery: Find hidden subdomains and related domains
- Brand Monitoring: Discover typosquatting and brand abuse domains
- Domain Takeover: Identify potentially vulnerable domains
- Infrastructure Reconnaissance: Map target organization's digital footprint
- Social Engineering: Discover lookalike domains for phishing campaigns
- Attack Surface Mapping: Identify additional entry points
- Threat Intelligence: Monitor domain registrations across TLDs
- Cybersquatting Detection: Identify unauthorized domain registrations
- Brand Protection: Proactive monitoring of brand-related domains
- dnsx: High-performance DNS toolkit by ProjectDiscovery
go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest
- Bash 4.0+ (Linux/macOS/WSL)
- Internet connection (for default TLD list download)
- curl (for SecLists TLD download)
# Clone the repository
git clone https://github.com/trinity999/TLDHunter.git
cd TLDHunter
# Make executable
chmod +x tldhunter.sh
# Run the tool
./tldhunter.sh -f keywords.txt# Download the script
wget https://raw.githubusercontent.com/trinity999/TLDHunter/main/tldhunter.sh
# Make executable
chmod +x tldhunter.sh# Create a keywords file
echo -e "google\namazon\nmicrosoft" > brands.txt
# Run TLDHunter
./tldhunter.sh -f brands.txt# Use custom TLD list
./tldhunter.sh -f keywords.txt -tld custom_tlds.txt -o discovered_domains.txt
# With custom output file
./tldhunter.sh -f company_names.txt -o company_domains.txtUsage: ./tldhunter.sh -f <keywords.txt> [-tld <tlds.txt>] [-o <output.txt>]
Options:
-f <file> Input file with base keywords/domains (REQUIRED)
-tld <file> Optional file with list of TLDs (e.g., .com, .org)
If not provided, default list is downloaded from SecLists
-o <file> Output file to save valid resolved domains (default: active.txt)
-h, --help Show help message and exit
Keywords File (keywords.txt):
google
amazon
microsoft
netflix
spotify
Custom TLD File (custom_tlds.txt):
.com
.org
.net
.io
.ai
.co
# Monitor brand variations across TLDs
echo -e "yourcompany\nyour-company\nyourcompanyinc" > brand_keywords.txt
./tldhunter.sh -f brand_keywords.txt -o brand_monitoring.txt# Target company asset discovery
echo -e "targetcorp\ntarget\ntargetcompany" > target_keywords.txt
./tldhunter.sh -f target_keywords.txt -o target_domains.txt# Focus on specific TLD categories
echo -e ".ai\n.ml\n.io\n.co" > tech_tlds.txt
./tldhunter.sh -f startups.txt -tld tech_tlds.txt -o tech_domains.txt===============================
TLDHunter
-------------------------------
Advanced TLD Discovery Tool
by Abhijeet Panda
===============================
[+] Generating domain combinations...
[+] Running dnsx resolution...
google.com [A]
google.org [A]
amazon.com [A,AAAA]
amazon.net [A]
microsoft.com [A,AAAA]
microsoft.org [A]
[β] Done! Results saved to: active.txt
TLDHunter respects the following environment variables:
# Custom dnsx options
export DNSX_OPTS="-timeout 10 -retry 3"
# Custom resolver
export RESOLVERS="8.8.8.8,1.1.1.1"TLDHunter/
βββ tldhunter.sh # Main script
βββ README.md # This documentation
βββ LICENSE # MIT License
βββ CHANGELOG.md # Version history
βββ examples/ # Example files
β βββ keywords.txt # Sample keywords
β βββ custom_tlds.txt # Sample TLD list
βββ docs/ # Additional documentation
βββ USAGE.md # Detailed usage guide
- Wildcard Detection: Automatic wildcard DNS detection to reduce false positives
- HTTP Status Checking: Integration with httpx for live domain verification
- Custom DNS Resolvers: Support for custom DNS servers and resolver lists
- Progress Indicators: Real-time progress bars for large keyword lists
- Resume Functionality: Ability to resume interrupted scans
- Statistics Dashboard: Comprehensive scan statistics and success rates
- Multi-threading: Parallel processing for faster execution
- Output Formats: JSON, CSV, and XML output options
We welcome contributions! Please see our Contributing Guidelines for details.
# Fork and clone the repository
git clone https://github.com/trinity999/TLDHunter.git
cd TLDHunter
# Create a feature branch
git checkout -b feature/your-feature-name
# Make your changes and test
./tldhunter.sh -f examples/keywords.txt
# Submit a pull requestThis project is licensed under the MIT License - see the LICENSE file for details.
- ProjectDiscovery Team for the excellent dnsx tool
- Daniel Miessler for maintaining SecLists
- Security Community for continuous feedback and improvements
- Author: Abhijeet Panda (@trinity999)
- Issues: GitHub Issues
- Discussions: GitHub Discussions
dns-bruteforcing tld-discovery domain-enumeration bug-bounty red-team security-tools reconnaissance asset-discovery domain-monitoring cybersecurity penetration-testing osint bash-script dnsx projectdiscovery
β Star this repository if TLDHunter helped you in your security research!