Hadrian, an Amsterdam-based security company, has introduced Subwiz. The AI tool detects subdomains that often act as weak spots. The solution allows organizations to detect hidden digital backdoors before hackers can exploit them. Tests show that the tool finds 10 percent more subdomains than traditional methods.
For hackers, forgotten subdomains are ideal targets. These web pages, such as ‘old-internal.hadrian.io’, are often poorly maintained and regularly run on outdated software, making them a relatively easy gateway to an organization’s network.
Traditional methods fall short
Until now, subdomain detection has depended heavily on time-consuming brute-force techniques. These generate countless possibilities to guess potential subdomains. This process requires many DNS queries and offers no guarantee of success. “Even extensive glossaries and permutation generators often miss many subdomains due to the lack of context,” explains Olivier Beg, Chief Hacking Officer at Hadrian.
Subwiz changes this approach by using machine learning to make targeted predictions. This means fewer DNS queries are needed, and predictions become more accurate. During benchmark tests, the system discovered 10.4 percent more existing subdomains compared to conventional detection methods.
Balance between efficiency and effectiveness
The new tool uses a lightweight LLM (Large Language Model) that can run on a standard laptop and generates hundreds of results within seconds. “When building Subwiz, we wanted to find the right balance between exhaustive detection and efficiency. Instead of blindly testing millions of possibilities, we focused on intelligent predictions,” says Beg.
The tool has proven that approximately 10,000 targeted subdomain tests per domain can detect 10% more undetected subdomains. This extra visibility is crucial because hackers often exploit forgotten or vulnerable subdomains.
Practical applicability
Users can adjust various parameters within Subwiz to refine the search. In addition, the tool is easy to integrate with other subdomain detection systems that ethical hackers and security experts already use, such as SanicDNS – Hadrian’s first open-source tool for quick scans.
By discovering subdomains that would otherwise remain hidden, Subwiz allows companies to fix weaknesses before they can serve as access points for attackers. Subdomains that have become publicly accessible unintentionally due to misconfigurations, legacy systems or overlooked test environments are particularly risky.
Tip: Dutch startup Hadrian receives €10 million for pentesting