Here's a Python script that can find all subdomains of a given host:
import socket
def get_subdomains(host):
subdomains = []
try:
hostname, aliases, addresses = socket.gethostbyname_ex(host)
subdomains.append(hostname)
for address in addresses:
subdomains.append(address)
except Exception as e:
print("Error:", e)
return subdomains
host = input("Enter hostname: ")
subdomains = get_subdomains(host)
print("Subdomains:", subdomains)
This script uses the 'socket' library's 'gethostbyname_ex()' function to retrieve information about a given host. It takes the hostname as input from the user and returns a list of subdomains by appending the hostname and the addresses from the information retrieved.
Note that this script uses the 'socket.gethostbyname_ex()' function, which is a simple way to retrieve information about a host, but it doesn't guarantee that all subdomains will be found. There may be other more robust ways to find subdomains depending on your use case.
I trust this helps you! if you have any query you can ask me.