████████╗██████╗ █████╗ ██████╗███████╗██╗ ██╗
╚══██╔══╝██╔══██╗██╔══██╗██╔════╝██╔════╝╚██╗██╔╝
██║ ██████╔╝███████║██║ █████╗ ╚███╔╝
██║ ██╔══██╗██╔══██║██║ ██╔══╝ ██╔██╗
██║ ██║ ██║██║ ██║╚██████╗███████╗██╔╝ ██╗
╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝╚══════╝╚═╝ ╚═╝
Advanced Subdomain Enumeration & Intelligence Platform
Fast • Modern • Powerful
TraceX is a next-generation subdomain enumeration tool built for bug bounty hunters and security researchers. It combines speed, intelligence, and beautiful UI to discover attack surfaces efficiently.
- 🚀 Lightning Fast - Concurrent processing (50-200 subdomains/sec)
- 🎨 Beautiful TUI - Modern terminal interface with real-time progress
- 📊 Dual Mode - Enumerate domains OR verify existing lists
- 🔍 HTTP Probing - Test HTTP/HTTPS with status codes & headers
- 🛡️ Wildcard Filter - Detect and exclude wildcard DNS entries
- 📁 Multi-Format - Export to TXT, JSON, CSV
- ⚡ 8 Sources - Aggregates from crt.sh, URLScan, AlienVault, etc.
- 🤫 Silent Mode - Perfect for piping to other tools
# Clone and build
git clone https://github.com/penguinshero/tracex.git
cd tracex
go build -o tracex main.go
# Install globally (optional)
sudo mv tracex /usr/local/bin/Requirements: Go 1.21+
# Basic scan
tracex -d example.com
# Full scan with HTTP probing
tracex -d tesla.com -p -o results.json
# Verify subdomain list (NEW!)
tracex -i subdomains.txt -p -o live.csv
# Silent mode for piping
tracex -d target.com -s | httpx -silenttracex -d <domain> [options] # Enumeration mode
tracex -i <file> [options] # Verification mode| Flag | Description | Example |
|---|---|---|
-d |
Target domain | -d hackerone.com |
-i |
Input file (verify mode) | -i subs.txt |
-o |
Output file | -o results.json |
-p |
Enable HTTP probing | -p |
-w |
Workers (default: 50) | -w 100 |
-t |
Timeout seconds (default: 5) | -t 3 |
-wc |
Enable wildcard detection | -wc |
-ew |
Exclude wildcards | -ew |
-r |
Follow CNAME chains | -r |
-s |
Silent mode | -s |
-f |
Output format (txt/json/csv) | -f json |
-v |
Show version | -v |
-h |
Show help | -h |
tracex -d hackerone.comtracex -d tesla.com -p -wc -ew -o tesla_full.json# Check which subdomains are still live
tracex -i old_list.txt -p -o verified.csvtracex -d example.com -w 200 -t 3 -o fast.txt# Pipe to httpx
tracex -d target.com -s | httpx -title -tech-detect
# Pipe to nuclei
tracex -d target.com -s | nuclei -t cves/ -silentapi.example.com
www.example.com
shop.example.com
{
"domain": "example.com",
"live_hosts": 156,
"live_subdomains": [
{
"subdomain": "api.example.com",
"ips": ["192.168.1.1"],
"http_status": 200,
"server": "nginx",
"is_wildcard": false
}
]
}Subdomain,IPs,HTTP_Status,Server,Is_Wildcard
api.example.com,192.168.1.1,200,nginx,false# Enumerate and probe
tracex -d target.com -p -wc -ew -o recon.json
# Extract live hosts
cat recon.json | jq -r '.live_subdomains[].subdomain' > live.txt
# Scan for vulnerabilities
nuclei -l live.txt -t cves/ -o vulns.txt# Verify old subdomain list
tracex -i old_scan.txt -p -o current_live.json
# Compare with previous scan
diff old_live.txt current_live.txt# Daily scan (add to crontab)
0 2 * * * tracex -d target.com -s -o /scans/$(date +\%Y\%m\%d).txtBuilt with:
- Bubble Tea - TUI framework
- Lip Gloss - Styling
Data Sources: crt.sh • URLScan • ThreatCrowd • AlienVault • Anubis • DNSDumpster • CertSpotter • VirusTotal
Muhammad Shawon (@penguinshero)
Ethical Hacker | Security Researcher | Tool Developer
MIT License - See LICENSE for details