What is a subdomain scanner?

It tries common subdomain names (like www, mail, api) against DNS to see which ones resolve. It helps security research and infrastructure mapping.

Is subdomain scanning legal?

Querying public DNS for published names is generally like browsing the phone book; always respect the target's terms of service and local laws. Do not use results to attack systems.

Why did a subdomain not appear?

The host may not exist, may be internal-only, or may use wildcard DNS. Our list covers common names but not every possible hostname.

How long does a scan take?

Runtime depends on how many names are checked and resolver speed—typically seconds to a minute for interactive use.

🔎

Subdomain Scanner

Discover active subdomains using DNS enumeration.

A subdomain scanner tries common hostnames (www, mail, api, admin, etc.) against DNS to see which ones resolve. It helps map a site's public footprint for IT admins and security reviews—only use it on domains you are allowed to test.

Checks 30+ common subdomain patterns via DNS resolution.

What Is Subdomain Scanning?

A subdomain is a prefix added to a domain name — for example, mail.example.com, api.example.com, or blog.example.com. Large websites often have dozens of subdomains serving different functions: the main website, API endpoints, CDN servers, email systems, admin panels, and development environments.

Subdomain scanning (or enumeration) is the process of discovering which subdomains exist for a given domain. Our tool uses DNS-based enumeration — it checks a list of common subdomain names against the domain's DNS records and reports which ones resolve to an IP address.

How Our Scanner Works

Our subdomain scanner checks over 30 common subdomain names including www, mail, ftp, smtp, pop, imap, webmail, cpanel, whm, admin, portal, api, dev, staging, beta, app, secure, vpn, cdn, static, media, blog, shop, support, docs, and more.

For each subdomain, we perform a DNS A record lookup. If the subdomain resolves to one or more IP addresses, it is reported as active. This approach is non-intrusive — we only perform DNS queries, not actual HTTP connections or port scans.

Note that this tool only finds subdomains matching common patterns. Custom or random subdomains (e.g., x7y2a.example.com) will not be discovered by this method. For comprehensive subdomain discovery, specialized security tools with large wordlists are required.

Responsible Use

Subdomain scanning should only be performed on domains you own or have explicit permission to scan. Unauthorized subdomain scanning may be considered a form of network reconnaissance and could violate terms of service or local computer use laws.

SpeedTester.pk's subdomain scanner is intended for legitimate use cases: webmasters checking their own domain setup, developers verifying infrastructure, and security researchers with proper authorization. Please use this tool responsibly and ethically.