Skip to content
Switch branches/tags
Go to file
4 contributors

Users who have contributed to this file


Build Status codecov Maintainability License python python

👊OneForAll is a powerful subdomain integration tool 📝中文文档


🚀Start Guide

📢 Please read this document to help you start quickly!

🐍Installation requirements

OneForAll is developed and tested based on Python 3.6.0, OneForAll needs to be higher than Python 3.6.0 to run. For more information on installing the Python environment, please read Python 3 Installation Guide.

After installation python, run the following command to check the Python and pip3 versions:

python -V
pip3 -V

If you see the following output, there is no problem with the Python environment:

Python 3.6.0
pip 19.2.2 from C:\Users\shmilylty\AppData\Roaming\Python\Python36\site-packages\pip (python 3.6)
Installation steps (for Git)
  1. Download

Because OneForAll is under development yet, it is recommended that use git clone to clone the latest code repository. Downloading from Releases is not recommended.

If you are in China, it is recommended that you choose Gitee for cloning:

git clone


git clone
  1. Installation

You can use pip3 install requirements, the following is an example of using pip3 to install dependencies under Windows: (Note: If your Python3 is installed in the system Program Files In the directory, such as: C:\Program Files\Python36, please run the following as an administrator!)

cd OneForAll/
python3 -m pip install -U pip setuptools wheel
pip3 install -r requirements.txt
python3 --help

For other system platforms, please read dependency installation. If you compile failed during the installation, you can find solution in Q&A documentation. If still not resolved, welcome issues.

  1. Update

Run the following command to update project ( maintain your updates to /config/setting.pyand/config/

git stash        # Stash local Git changes
git fetch --all  # Fetch updates
git pull         # Pull updates
git stash pop    # Apply the local Git changes stash
Installation steps (for Docker)
docker pull shmilylty/oneforall
docker run -it --rm -v ~/results:/OneForAll/results oneforall

Result will be saved in ~/results.

OneForAll usage

If you are use pip3, run the following command:

python3 --target run
python3 --targets ./example.txt run


🧐Instructions for results

Let's take the command python3 --target run as an example. When command finished in the default configuration, OneForAll will generate results in the results directory:

Result is the result for each domain.

all_subdomain_result_1583034493.csv is the result for all domains when your target have multiple domains.

result.sqlite3 is the SQLite3 database that stores all the subdomains collected by OneForAll. The database structure is shown below:


example_com_origin_result table stores the origin subdomain results of each module.

example_com_resolve_result table stores the results of resolving subdomains.

example_com_last_result table stores the results of subdomain collection last time.

example_com_now_result table stores the collection results of the current subdomains. Usually using this table is enough.

For more information, please see Field explanation.

🤔Instructions for Use

The CLI only provide some common parameters. For more configuration, please read IF you have any suggestions, welcome feedback. Some modules need access API (most of which are freely available after registered accounts). If you need , please go to to configure the API. If not used, just ignore the error message. (For module detailes, please read collection module description)

The OneForAll command line interface is based on Fire. For more advanced usage of Fire, please refer to using the Fire CLI, if you have any doubts during the use, please feel free to give me feedback. is the program main entrence, and can call,, and other modules. But you can also use these modules separately, if you want, please refer to the usage help.

Note: When you encounter some problems or doubts during use, please search answers on issues first. You can also read Q&A.

OneForAll help summary

The following help information may not be up to date. You can use python --help to get the latest help information.

python --help
NAME - OneForAll help summary page

SYNOPSIS COMMAND | --target=TARGET <flags>

    OneForAll is a powerful subdomain integration tool

        python3 version
        python3 --target run
        python3 --targets ./domains.txt run
        python3 --target --alive False run
        python3 --target --brute True run
        python3 --target --port medium run
        python3 --target --fmt csv run
        python3 --target --dns False run
        python3 --target --req False run
        python3 --target --takeover False run
        python3 --target --show True run

        --alive  True/False           Only export alive subdomains or not (default False)
        --port   default/small/large  See details in ./config/ port 80)
        --fmt csv/json (result format)
        --path   Result directory (default directory is ./results)

        One domain (required)
        File path of one domain per line (required)

        Use brute module (default True)
        Use DNS resolution (default True)
        HTTP request subdomains (default True)
        The port range request to the subdomains (default port 80)
        Only export alive subdomains (default False)
        Result format (default csv)
        Result directory (default None)
        Scan subdomain takeover (default False)

    COMMAND is one of the following:


🎉Why OneForAll?

Project address :

Problems with other tools

  • Not powerful enough, few api, cannot automate, cannot valid subdomain, etc.

  • Not friendly enough, do not have a good user interface.

  • Not quickly enough, do not use multi-process, multi-threading, coroutine, etc.

  • Lack of maintenance, lots of issues and bugs, and no one fixed it.

In order to solve the above problems, OneForAll born! As its name, OneForAll is committed to becoming the only one subdomain integration tool you need. We hope that one day OneForAll can be called "probably the best subdomain tool"

At present, OneForAll is under development, there must be a lot of problems and areas for improvement. Welcome to submit Issues or PR, If you like, star please. You can contact me through QQ group 824414244 or twitter tweet to me: 👨‍👨‍👦‍👦.


  1. Use 6 certificate modules: censys_api, certspotter, crtsh, entrust, google, spyse_api.
  2. Use 6 baseline testing modules: scan domain transfer vulnerability axfr, cross-domain policy file cdx, HTTPS certificate cert, content security policy csp, robots file robots, and sitemap file sitemap, NSEC record nsec. NSEC3 record and other modules will be added later.
  3. Use 2 web crawler modules: archirawl, commoncrawl, which is still being debugged and needs to be added and improved).
  4. Use 24 DNS datasets modules: bevigil, binaryedge_api, bufferover, cebaidu, chinaz, chinaz_api, circl_api, cloudflare, dnsdb_api, dnsdumpster, hackertarget, ip138, ipv4info_api, netcraft, passivedns_api, ptrarchive, qianxun, rapiddns, riddler, robtex, securitytrails_api, sitedossier, threatcrowd, wzpc, ximcx.
  5. Use 6 DNS queries modules: enumerating SRV records srv and collect from MX, NS, SOA, TXT, SPF.
  6. Use 6 threat intelligence modules: alienvault, riskiq_ api, threatbook_ api, threatkeeper , virustotal, virustotal_ api, which need to be added and improved.
  7. Use 16 search engines modules: ask, baidu, bing, bing_api, fofa_api, gitee, github_api, google, google_api, shodan_api, so, sogou, yahoo, yandex, zoomeye_api, except for special search engines. General search engines support automatic exclusion of search, full search and recursive search.
  • Support subdomain brute force, can use dictionary mode or custom fuzz mode. Supports bulk brute and recursive brute, and automatically determine wildcard or not and processing.
  • Support subdomain verification, default enable, automatically resolve DNS, request subdomain to obtain response, and determine subdomain alive or not.
  • Support subdomain crawling, according to the existing subdomains, the response body of the request subdomain and the JS in the response body can be found again from the new subdomain.
  • Support subdomain replacement, according to the existing subdomain, use subdomain replacement technology to discover new subdomains again.
  • Support subdomain takeover, default enable, supports bulk inspection, and automatic takeover subdomain (only Github, remains to be improved at present).
  • Powerful processing feature, support automatic deduplicate, DNS resolve, HTTP request, filter valid subdomains and information for subdomains. Supported export formats: txt, csv, json.
  • Very fast, collection module uses multi-threading, brute module uses MassDNS, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers. DNS resolve and HTTP requests use async-coroutine. subdomain takeover uses multi-threading.
  • Good experience, each module has a progress bar, and save results asynchronously.

If you have any other good ideas, please let me know!😎

🌲Directory structure

For more information, please see Directory structure description.

Some help and instructions are also provided in the docs directory of this project, such as dictionary Source description, wildcard judgment process.

👏Framework used

  • aiohttp - Asynchronous HTTP client/server framework for asyncio and Python
  • beautifulsoup4 - Beautiful Soup is a library that makes it easy to scrape information from web pages
  • fire - Python Fire is a library for automatically generating command line interfaces (CLIs) from absolutely any Python object
  • loguru - Loguru is a library which aims to bring enjoyable logging in Python.
  • massdns - A high-performance DNS stub resolver
  • records - Records is a very simple, but powerful, library for making raw SQL queries to most relational databases
  • requests - A simple, yet elegant HTTP library
  • tqdm - A Fast, Extensible Progress Bar for Python and CLI

Thanks to these great Python libraries!

🔖Version control

The project uses SemVer for version management, and you can view the available version in Releases, You can refer to the change record instructions for historical changes.

Follow-up plan

  • Continuous optimize and improve of each module
  • Implementation of front-end interface for powerful interaction

For more details, read


Very warmly welcome all people to make OneForAll better together!


You can view all contributors and their contributions in the contributor documentation and thank them for making OneForAll more powerful and useful.


The project has signed a GPL-3.0 license, for more information, please read LICENSE.


Thanks to the various subdomain collection projects of online open source!

Thanks ace of A-Team for their enthusiastic and unselfish answers!

Developed with drive and PyCharm!


This tool can only be used in the safety construction of enterprises with sufficient legal authorization. During the use of this tool, you should ensure that all your actions comply with local laws and regulations. If you have any illegal behavior in the process of using this tool, you will bear all the consequences yourself, and all developers and all contributors of this tool will not bear any legal and joint liability.

💖Stargazers over time

Stargazers over time