Smart Domain Detector is a cybersecurity reconnaissance tool designed to identify suspicious, newly registered, or look-alike domains that may indicate phishing or brand impersonation.
⚠️ DisclaimerThis tool is intended for educational purposes and authorized security testing only.
Smart Domain Detector is designed to help cybersecurity professionals and researchers detect suspicious domains such as phishing, typosquatting, and newly registered domains.
Do not use this tool against systems, domains, or infrastructure without explicit authorization.
The author assumes no responsibility for misuse or illegal activities performed using this software.
Designed for:
- SOC analysts
- Threat hunters
- Bug bounty researchers
- Security researchers
Smart Domain Detector is a Docker-first reconnaissance and exposure analysis platform for SOC teams, security analysts, and validation workflows.
🌐 Passive discovery • 🔎 Live validation • 🕰️ Historical expansion • 🧠 Target intelligence • 📊 Exportable reporting
Smart Domain Detector combines the work that usually gets split across many separate tools and long manual review steps:
- ⚡ Discover subdomains from multiple passive sources
- 🧭 Resolve and validate live hosts with DNS and HTTP probing
- 🗂️ Expand archived and live URLs with focused crawling
- 🚨 Detect sensitive files, auth portals, VPN surfaces, API docs, and exposure patterns
- 🧠 Build target intelligence with IP ownership, SSL/TLS, owner/contact, mail, and NS data
- 🧾 Save scan history locally and export clean Excel reports for follow-up analysis
Track live progress, engine output, and the tool checklist while the scan is still running.
Follow the pipeline in order while tools move through pending, running, completed, partial, and skipped states.
See risk, URLs scanned, critical findings, live assets, and tracked subdomains at a glance.
Review prioritized findings with severity, confidence, live/archive state, and source attribution.
Open a finding to see impact, recommended action, validation notes, evidence, and references.
Switch between quick triage, live-focused, full coverage, and depth presets with bounded controls.
Tune tool budgets safely with guardrails instead of open-ended numeric inputs.
subfinder,assetfinder,findomain,amass,subcatcrt.sh,certspotter,BufferOver,chaosdnsx,httpx,subzywaybackurls,gau,katana,waymore,arjun- native live recursion, targeted path checks, robots.txt capture, and SSL/TLS collection
- 🔐 Sensitive files and backup artifacts
- 🧱 Admin panels and login/auth surfaces
- 🛡️ VPN and remote-access endpoints
- 🧪 API docs, GraphQL, XML-RPC, redirect and SSRF clues
- 📬 Mail and target infrastructure clues
- 📁 Archive-backed and live-backed findings with evidence
- 📘 Excel export with findings, assets, target intelligence, IP intelligence, artifacts, follow-up targets, and tool health
- 🧷 Source/reference context included for downstream validation
- 🧹 Data organized for later leak checks, nuclei runs, manual review, and reporting
This project is designed to run through Docker so you avoid most Windows vs WSL vs Linux tool issues.
- Install Docker Desktop
- From the project root, run:
docker compose up --build -dYou can also use:
docker-control.bat
It lets you:
▶️ Start the Docker stack- ⏹️ Stop the Docker stack safely
- 🩺 Check Docker status
Copy .env.example to .env if you want to enable optional sources:
PORT=3000
USE_VITE_DEV=false
PDCP_API_KEY=
BUFFEROVER_API_KEY=PDCP_API_KEY: enables ChaosBUFFEROVER_API_KEY: enables BufferOver passive DNS enrichment
backend/
data/ SQLite scan history
services/ Recon, analyzer, runtime, persistence services
images/ README screenshots
public/ Static assets
src/ React UI
tests/ Node test suite
server.ts Unified API + frontend server
docker-control.bat Docker start/stop/check helper
Dockerfile Container runtime
docker-compose.yml Local Docker orchestration
Install dependencies:
npm installRun the app in development mode:
npm run devBuild the frontend:
npm run buildRun type/lint checks:
npm run lintRun tests:
npm testSaved reports are stored in:
backend/data/scans.db
Docker mounts the same folder, so scan history persists across container restarts.
- ✅
completed: tool finished normally - 🟢
partial: tool returned useful results before timeout - 🟠
pending: tool is queued or waiting for its stage - ⚪
skipped: intentionally not used for this scan mode, disabled by config, or missing API setup - 🔴
failed: tool ran but did not return a usable result
Notes:
- External sources can still rate-limit or temporarily fail.
- Some upstream archive services may return
429or no results for a given host. - Docker removes most native Windows compatibility friction, but upstream network/provider issues can still happen.
If the UI shows a network error:
- Confirm Docker is still running
- Confirm the container is healthy:
docker compose ps- Check logs:
docker compose logs --tail=200- Refresh http://localhost:3000
That usually means one of these is true:
- the tool is intentionally disabled for the selected scan mode
- an API key is not configured
- the workflow is prioritizing faster sources first
Archive providers can be inconsistent across domains. Smart Domain Detector already retries and focuses on higher-value hosts first, but some targets genuinely return less historical data.
Smart Domain Detector v1.0
© 2026 Professional project by github.com/smartboy223
Contributions, improvements, and future developments are welcome.