Skip to content
The domain enumeration and scanning tool for hackers
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

About EZDomain

                           ____  ___  __    __   _  _     _    ___   _   _
                          |        / |  \  |  | | \/ |   / \    |   | \  |
                          |----   /  |   | |  | |    |  /___\   |   |  \ |
                          |____  /__ |__/  |__| |    | /     \ _|_  |   \|


EZdomain is red team tool based on python programming that use to enumerate and scan the domains such as sub-domains, directory, file, S3 bucket by customizing the position (specific an * in the URL) of the payload and brute-forcing with provided wordlists or string generated.


git clone


Python modules (requests, argparse, tqdm, multiprocessing, termcolor)

  • Installation on Windows:
c:\python27\python.exe -m pip install -r requirements.txt
  • Installation on Linux and MacOSX
sudo pip install -r requirements.txt


Short Long Description
-d --domain Providing a domain name (ex. domain-*.com)
-w --wordlist Providing a path of a wordlist file
-b --bruteforce Providing the character set (eariotnslcudpmhgbfywkvxzjq)
-min --min-length Providing the min length of string (default is 1)
-max --max-length Providing the max length of string (default is 3)
-o --output Providing a path of output file
-oS --output-subdomain A list of subdomains output; Providing a path of output file
-t --thread Providing a thread number (default is 3)
-x --exclude Providing a exclude output status code (ex. -x 443,404)
-h --help show this help message and exit


  • To list all the options use -h
python -h
  • To find the sub-domains
python -d http://* -w wordlists/subdomain/subdomains-1000.txt
  • To find the directory or file in the domain
python -d* -w wordlists/directory/directory-list-med.txt -x 404
  • To find the S3 bucket (You can exclude the 403 status code to find only a public bucket)
python -d http://company-* -w wordlists/word/common-words.txt -x 404
  • To brute-force the domain with character set and you can provide a min or a max length of the payload string
python -d https://* -b abc -min 3 -max 5


License of ezdomain is under GNU GPL license. LICENSE


Current version is 1.0

You can’t perform that action at this time.