Subdomain Enumerator

v1.0.0

Discovers and enumerates all subdomains associated with a target domain using deep reconnaissance techniques.

⭐ 0· 148·0 current·0 all-time

byToolWeb@krishnakumarmahadevan-cmd

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

The skill's name and description match the provided SKILL.md and openapi.json: it documents a remote API for subdomain enumeration. It does not request unrelated binaries, creds, or local access, so the requested footprint is proportionate for a remote API wrapper.

ℹ

Instruction Scope

The SKILL.md stays within the stated purpose (enumeration via an API) and does not instruct reading local files or environment variables. However it clearly refers to external endpoints (api.mkkpro.com, toolweb.in) and implies sending target domains to those third parties; the SKILL.md does not document any local data collection or other out‑of‑scope actions.

✓

Install Mechanism

No install spec or code is included (instruction-only), so nothing will be written to disk or installed. This is the lowest‑risk installation posture.

ℹ

Credentials

The skill declares no environment variables or credentials, which is consistent with an API wrapper that may offer a free tier. That said, the SKILL.md references paid plans and API portals but provides no guidance about authentication; an API key or account may be required in practice even though none are declared.

✓

Persistence & Privilege

The skill does not request persistent presence (always is false) and does not ask to modify other skills or system settings. It does not request elevated privileges.

Assessment

This skill is a documentation-only wrapper around a third‑party subdomain enumeration API (toolweb / api.mkkpro). Before installing or invoking it: (1) Confirm you are authorized to scan any domain you send—do not enumerate domains you do not own or have permission to test. (2) Understand that the target domain names (and any data returned) will be sent to external services (api.mkkpro.com / toolweb.in); review their privacy/TOS. (3) Check whether the API actually requires an API key or account (SKILL.md doesn't declare credentials) and verify pricing/quotas. (4) If you plan to enumerate internal or sensitive targets, prefer an in‑house tool or one you control rather than a third‑party service. If you want higher assurance, ask the publisher for the server base URL and auth requirements or request source code / provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk978f282f24rs696a30f2z9nmh8388er

148downloads

0stars

1versions

Updated 4w ago

v1.0.0

MIT-0

Overview

The Subdomain Enumerator is a powerful reconnaissance tool designed for security professionals, penetration testers, and bug bounty hunters who need to identify all active and inactive subdomains within a target domain. This API leverages multiple enumeration techniques to build a comprehensive map of an organization's subdomain infrastructure, which is critical for attack surface mapping and vulnerability assessment.

Subdomain enumeration is often the first step in a security assessment workflow. By discovering hidden or forgotten subdomains, security teams can identify overlooked assets that may contain vulnerabilities, outdated services, or misconfigurations. The Subdomain Enumerator automates this reconnaissance process, saving time and improving coverage compared to manual discovery methods.

This tool is ideal for security researchers conducting authorized penetration tests, red team operators performing scope definition, DevSecOps teams mapping their infrastructure, and organizations performing internal asset discovery for compliance purposes.

Usage

Sample Request

{
  "domain": "example.com"
}

Sample Response

{
  "domain": "example.com",
  "subdomains": [
    {
      "subdomain": "www.example.com",
      "ip_address": "93.184.216.34",
      "status": "active"
    },
    {
      "subdomain": "mail.example.com",
      "ip_address": "93.184.216.35",
      "status": "active"
    },
    {
      "subdomain": "staging.example.com",
      "ip_address": "192.0.2.1",
      "status": "active"
    },
    {
      "subdomain": "old-api.example.com",
      "ip_address": null,
      "status": "inactive"
    }
  ],
  "total_found": 4,
  "enumeration_time_ms": 5420
}

Endpoints

POST /enumerate-deep

Performs deep enumeration of subdomains for a specified domain using multiple reconnaissance techniques.

Method: POST
Path: /enumerate-deep

Request Parameters:

Name	Type	Required	Description
domain	string	Yes	The target domain to enumerate (e.g., `example.com`). Must be a valid domain name.

Response Schema:

The response returns a JSON object containing:

Field	Type	Description
domain	string	The target domain that was enumerated
subdomains	array	Array of discovered subdomain objects, each containing `subdomain`, `ip_address`, and `status` fields
total_found	integer	Total count of subdomains discovered
enumeration_time_ms	integer	Time taken to complete enumeration in milliseconds

HTTP Status Codes:

200 OK — Enumeration completed successfully
422 Unprocessable Entity — Validation error in request body (missing or invalid domain parameter)

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in — 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/security/subdomain-enumerator
API Docs: https://api.mkkpro.com:8006/docs

Comments

Loading comments...