ShoLister is a tool that collects all available subdomains for a specific hostname or organization from Shodan. It is designed for penetration testers and bug bounty hunters.
- Shodan paid account.
- Python3

```
pip install shodan
pip install termcolor
shodan init YOUR_API_KEY
```

-> You have 2 Python scripts. The first one searches for your scope's subdomains using 2 filters, hostname and Ssl.cert.subject.CN. The second script searches using the org filter.

sholister_hostname.py

> scope_domains.txt example:

```
yahoo.com
uber.com
twitter.com
```

> Run:

```
python3 sholister_hostname.py scope_domains.txt
```

sholister_org.py

> scope_organizations.txt example:

```
Google LLC
Uber Technologies LLC
Twitter
```

> Run:

```
python3 sholister_org.py scope_organizations.txt
```

- ShoLister is based on the Shodan library, so both use the same gateway to get the results.
- It filters the results to avoid ISP false-positive domains.
- You can pass a file with multiple hostnames or organization names to make it easier to get the results.
- ShoLister provides the results as a separate file for each hostname or organization.
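
One way to do the filtering step from the list above when building an inventory of your own scope, as an added example that is not ShoLister's own code. It assumes each Shodan match is a dict with a `hostnames` list and an optional `ssl.cert.subject.CN` string; the helper names and sample records are constructed.

```python
# Added example, not ShoLister's code. Keeps only names that really belong
# to the scope domain and drops ISP reverse-DNS and look-alike names.

def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(name, scope):
    """True only for the scope domain itself or a name ending in '.<scope>'."""
    scope = normalize(scope)
    return name == scope or name.endswith("." + scope)

def candidate_names(match):
    """Yield names from the match's hostnames list and certificate subject CN."""
    yield from match.get("hostnames") or []
    subject = ((match.get("ssl") or {}).get("cert") or {}).get("subject") or {}
    if subject.get("CN"):
        yield subject["CN"]

def scope_subdomains(matches, scope):
    """Return the sorted, de-duplicated in-scope names found in the matches."""
    found = set()
    for match in matches:
        for raw in candidate_names(match):
            name = normalize(raw)
            if in_scope(name, scope):
                found.add(name)
    return sorted(found)

# Constructed sample records (documentation IP range, example domains).
SAMPLE_MATCHES = [
    {"ip_str": "203.0.113.7",
     "hostnames": ["host-203-0-113-7.example-isp.net", "api.example.com"]},
    {"ip_str": "203.0.113.8",
     "hostnames": ["example.com.cdn.example-isp.net"],
     "ssl": {"cert": {"subject": {"CN": "*.dev.example.com"}}}},
    {"ip_str": "203.0.113.9",
     "hostnames": ["notexample.com", "API.Example.com."]},
    {"ip_str": "203.0.113.10", "hostnames": [],
     "ssl": {"cert": {"subject": {}}}},
]

if __name__ == "__main__":
    for name in scope_subdomains(SAMPLE_MATCHES, "example.com"):
        print(name)
```

The match on `"." + scope` is what rejects `notexample.com` and `example.com.cdn.example-isp.net`, which a plain substring or suffix check would let through.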

