Subdomain discovery for any domain via x402 micropayment ($0.01 USDC on Base).
What it does
The `/domain/subdomains` endpoint on domain.hugen.tokyo performs subdomain enumeration for a given domain name. It is one of seven domain intelligence checks offered by the Domain Intelligence API, which also covers WHOIS, DNS records, SSL certificates, tech stack detection, security headers, and redirect tracing.
This specific endpoint accepts a `domain` query parameter (e.g., `example.com`) via HTTP GET and returns a list of discovered subdomains along with a count. The endpoint is pay-per-call at $0.01 USDC on the Base network, settled via the x402 protocol. A sample response from the x402 challenge shows fields like `subdomain_count` and a `subdomains` array.
Alternative access methods are available: an MCP gateway at `mcp.hugen.tokyo/mcp` that brokers payment across 2300+ x402 APIs, a free API key with $0.05 credit via `discovery.hugen.tokyo`, or the `x402-pay` Python SDK for one-line access without wallet setup. The API has a full OpenAPI 3.1 spec and Swagger docs at `/docs`. Response schemas for the subdomain endpoint are not explicitly defined in the OpenAPI spec beyond validation errors.
Capabilities
Use cases
- —Discovering subdomains of a target domain during security reconnaissance
- —Mapping an organization's external attack surface
- —Validating subdomain configurations as part of domain auditing
- —Feeding subdomain lists into vulnerability scanners or monitoring tools
- —Enumerating infrastructure endpoints for asset inventory
Fit
Best for
- —Security researchers performing domain reconnaissance
- —Automated agents needing pay-per-call subdomain discovery without API key signup
- —Developers building domain intelligence pipelines
Not for
- —Bulk subdomain enumeration of thousands of domains (per-call pricing adds up)
- —Deep recursive subdomain brute-forcing requiring custom wordlists
Quick start
# Using the x402-pay Python SDK
pip install x402-pay
import x402_pay
response = x402_pay.get(
'https://domain.hugen.tokyo/domain/subdomains?domain=example.com'
)
print(response.json())Example
Response
{
"subdomains": [
"www.example.com",
"mail.example.com",
"api.example.com"
],
"subdomain_count": 3
}Endpoint
Quality
The endpoint is live (402 challenge captured) with a valid OpenAPI 3.1 spec and Swagger docs. However, the response schema for the subdomains endpoint is empty in the spec, and the only example response comes from the x402 challenge sample. No dedicated pricing page or detailed documentation beyond the auto-generated Swagger UI.
Warnings
- —Response schema is not defined in the OpenAPI spec — the sample response is inferred from the x402 challenge payload only.
- —No dedicated documentation or pricing page exists (both return 404).
- —Root URL returns 404; only /docs provides useful information.
Citations
- —The API offers 7 domain intelligence checks: WHOIS, DNS, SSL, tech stack, security headers, subdomains, redirectshttps://domain.hugen.tokyo/docs
- —The /domain/subdomains endpoint accepts a 'domain' query parameter via GEThttps://domain.hugen.tokyo/docs
- —Payment is $0.01 USDC on Base per call via x402https://domain.hugen.tokyo/domain/subdomains
- —Alternative access via MCP gateway, API key, or x402-pay SDKhttps://domain.hugen.tokyo/domain/subdomains
- —Sample response includes subdomain_count and subdomains arrayhttps://domain.hugen.tokyo/domain/subdomains