Hidden Subdomain Discovery
Discover your website's unknown subdomains and potential security vulnerabilities.
Subdomain Scanning in 3 Steps
Enter the Domain
Type your main domain (e.g., yourhotel.com) into the search box. It is recommended to enter it without 'www'.
Click Discover
The tool queries CT logs, passive DNS databases, and a common subdomain dictionary.
Assess the Risks
High, medium, and low-risk subdomains are categorized with color-coded labels. Remove unused ones from your DNS.
What is a Subdomain Finder?
Subdomain Finder is a security tool that automatically discovers all subdomains associated with a primary domain from public sources. Using Certificate Transparency logs, DNS queries, and common name dictionaries, it lists entries like api, dev, or old-booking for your hotel's domain. This helps you see whether attackers are entering through doors you haven't looked at for years.
Why Should You Find Unknown Subdomains for Your Hotel?
Most hotel groups forget dozens of subdomains in their DNS, such as pandemic-era campaign sites, old reservation engines, and staging environments handed over from agencies. These subdomains are often not up-to-date, run old software versions, and are preferred targets for attackers. Subdomain Finder presents your attack surface to you in a single report.
How Does Subdomain Scanning Work?
The tool uses three data sources: (1) Certificate Transparency logs—where subdomain names are recorded with every SSL certificate application and are public; (2) Passive DNS databases—public pools where historical DNS queries are accumulated; (3) Wordlist—common prefixes like admin, api, and staging are tested. It does not perform active port scanning or brute-force, so it places no extra load on the target.
Which Subdomains Usually Create Danger?
Prefixes that point to management panels (admin, cpanel, webmail), development environments (staging, dev, test), old content (old, backup), and file transfer services (ftp) carry high risk. These subdomains may contain unpatched software, weak password policies, or open access points.
What is Subdomain Takeover?
Subdomain takeover occurs when a subdomain is still recorded in your DNS but the service it is associated with (Heroku, GitHub Pages, Azure, etc.) has been shut down, and an attacker then takes over that service. The attacker can publish their own content on that subdomain; for example, they could present a fake booking form at promo.yourhotel.com. Search engines and your guests will think this page belongs to you.
Best Practices for Hotel Subdomain Security
1) Inventory all your subdomains and update them regularly.
2) Delete unused CNAME records from DNS, especially those pointing to external services.
3) Enforce HTTPS on all active subdomains.
4) Set up CT log monitoring to get notifications when a new subdomain is created.
5) Bring old campaign and staging subdomains into a corporate naming standard.
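One way to apply practice 2 to your own DNS export, as an added example (not the tool's code): it flags CNAME records whose target no longer resolves, which is the precondition for the takeover described above. The zone entries, the provider suffix list and the function names are constructed for illustration.

```python
import socket

# Assumption: suffixes for the services the page names; extend as needed.
EXTERNAL_SUFFIXES = (".herokuapp.com", ".github.io", ".azurewebsites.net")

# Constructed sample inventory: (subdomain, record type, target).
SAMPLE_ZONE = [
    ("www.yourhotel.com", "A", "203.0.113.10"),
    ("promo.yourhotel.com", "CNAME", "yourhotel-promo.herokuapp.com."),
    ("blog.yourhotel.com", "CNAME", "yourhotel.github.io."),
    ("booking.yourhotel.com", "CNAME", "lb.yourhotel.com."),
    ("old-booking.yourhotel.com", "CNAME", "legacy.yourhotel.com."),
]

def system_resolves(hostname):
    """True if the local resolver returns any address for hostname."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(zone, resolves=system_resolves):
    """Label each CNAME 'dangling', 'review' or 'ok', worst first."""
    findings = []
    for name, rtype, target in zone:
        if rtype.upper() != "CNAME":
            continue
        host = target.rstrip(".").lower()
        external = host.endswith(EXTERNAL_SUFFIXES)
        if not resolves(host):
            status = "dangling"   # target is gone: delete the record
        elif external:
            # Some providers answer DNS for names nobody has claimed, so
            # confirm in the provider account that the resource is yours.
            status = "review"
        else:
            status = "ok"
        findings.append({"name": name, "target": host,
                         "external": external, "status": status})
    rank = {"dangling": 0, "review": 1, "ok": 2}
    findings.sort(key=lambda f: (rank[f["status"]], not f["external"], f["name"]))
    return findings

if __name__ == "__main__":
    # Constructed answers so the demo runs offline; omit `resolves` for real DNS.
    live = {"yourhotel.github.io", "lb.yourhotel.com"}
    for f in audit_cnames(SAMPLE_ZONE, resolves=live.__contains__):
        print(f"{f['status']:9} {f['name']} -> {f['target']}")
```

Run it on a schedule against the full zone export so a record that starts dangling after a service is shut down is caught before the name can be reused.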
Frequently Asked Questions
How does the Subdomain Finder tool work?
Will it really find all my subdomains?
Are the discovered subdomains secure?
Which prefixes are marked as high risk?
Can I scan my competitor's subdomains?
How do I protect against subdomain takeover?
What is the difference between the free tool and the enterprise plan?
How should I use the results?
Let Us Continuously Monitor All Your Subdomains
24/7 monitoring service for new subdomain detection, SSL status tracking, and risky entry notifications.