# Chain subfinder | httpx | nuclei for quick recon

**Date:** 2025-12-17  
**Tags:** Security, Bug Bounty, Recon  
**URL:** https://kelexine.is-a.dev/til/subdomain-enumeration

---

TIL: Chain subfinder | httpx | nuclei for quick recon. Subfinder finds subdomains, httpx probes which are alive, nuclei scans for known vulnerabilities. One pipeline, hundreds of potential findings.


```bash
# Full recon pipeline
subfinder -d target.com -silent | \
  httpx -silent | \
  nuclei -t cves/ -t exposures/ -o findings.txt

# Check findings
cat findings.txt | grep -E "(critical|high)"
```




---

*This content is available at [kelexine.is-a.dev/til/subdomain-enumeration](https://kelexine.is-a.dev/til/subdomain-enumeration)*