Sublist3r

Overview

Sublist3r is a Python tool created by aboul3la, available at the following GitHub link. Credit goes to him as the author of this tool.

https://github.com/aboul3la/Sublist3r

This tool is designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

Installation

git clone https://github.com/aboul3la/Sublist3r.git

Dependencies

Sublist3r depends on the requests, dnspython and argparse Python modules.

These dependencies can be installed using the requirements file:

  • Installation on Windows: c:\python27\python.exe -m pip install -r requirements.txt
  • Installation on Linux: sudo pip install -r requirements.txt

Alternatively, each module can be installed independently as shown below.

  • Install for Windows: c:\python27\python.exe -m pip install requests
  • Install for Ubuntu/Debian: sudo apt-get install python-requests
  • Install for Centos/Redhat: sudo yum install python-requests
  • Install using pip on Linux: sudo pip install requests

Sublist3r Directory

In this example, I installed it in the /etc/sublist directory, as follows:

/etc/sublist/Sublist3r-master

The directory structure and its files are shown below:

|-- LICENSE
|-- MANIFEST.in
|-- README.md
|-- requirements.txt
|-- setup.py
|-- subbrute
|   |-- __init__.py
|   |-- __pycache__
|   |   |-- __init__.cpython-37.pyc
|   |   `-- subbrute.cpython-37.pyc
|   |-- names.txt
|   |-- resolvers.txt
|   `-- subbrute.py
`-- sublist3r.py

Basic command:

  • To list all the basic options, use -h:
python sublist3r.py -h
usage: sublist3r.py [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]]
                    [-t THREADS] [-e ENGINES] [-o OUTPUT] [-n]

OPTIONS:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain name to enumerate it's subdomains
  -b [BRUTEFORCE], --bruteforce [BRUTEFORCE]
                        Enable the subbrute bruteforce module
  -p PORTS, --ports PORTS
                        Scan the found subdomains against specified tcp ports
  -v [VERBOSE], --verbose [VERBOSE]
                        Enable Verbosity and display results in realtime
  -t THREADS, --threads THREADS
                        Number of threads to use for subbrute bruteforce
  -e ENGINES, --engines ENGINES
                        Specify a comma-separated list of search engines
  -o OUTPUT, --output OUTPUT
                        Save the results to text file
  -n, --no-color        Output without color

Example: python sublist3r.py -d google.com
  • To enumerate subdomains of a specific domain:
python sublist3r.py -d example.com
  • To enumerate subdomains of a specific domain and show only subdomains which have open ports 80 and 443:
python sublist3r.py -d example.com -p 80,443
  • To enumerate subdomains of a specific domain and show the results in realtime:
python sublist3r.py -v -d example.com
  • To enumerate subdomains and enable the bruteforce module:
python sublist3r.py -b -d example.com
  • To enumerate subdomains and use specific engines such as Google, Yahoo and Virustotal:
python sublist3r.py -e google,yahoo,virustotal -d example.com
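
The -o option in the help output above saves the results to a text file. The following is an added example, not part of Sublist3r or the original post: it cleans such a file for your own domain and lists the hosts that are publicly discoverable but missing from your asset inventory. It assumes one hostname per line with occasional stray markup; the sample data, function names and inventory are constructed for illustration.

```python
import re

# A hostname label: letters, digits, "_" or "-", not starting or ending with "-".
_LABEL = r"(?!-)[a-z0-9_-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"(?:{_LABEL}\.)+{_LABEL}")

# Constructed sample of a results file (assumed format: one hostname per line).
SAMPLE = """\
www.example.com
WWW.Example.com
mail.example.com<BR>vpn.example.com
api.example.com.
example.com.other.test
notexample.com
"""


def parse_results(text, domain):
    """Return the sorted, de-duplicated hostnames in `text` that belong to `domain`."""
    domain = domain.lower().strip(".")
    found = set()
    for line in text.splitlines():
        # findall() copes with stray markup or several hostnames on one line.
        for host in _HOST_RE.findall(line.lower()):
            # Compare on a label boundary so that "notexample.com" and
            # "example.com.other.test" are not treated as in scope.
            if host == domain or host.endswith("." + domain):
                found.add(host)
    return sorted(found)


def untracked(found, inventory):
    """Return the hosts in `found` that the asset inventory does not list."""
    known = {h.lower().strip(".") for h in inventory}
    return [h for h in found if h not in known]


if __name__ == "__main__":
    hosts = parse_results(SAMPLE, "example.com")
    inventory = ["www.example.com", "MAIL.example.com."]  # hypothetical inventory
    print("Discovered:", hosts)
    print("Not in inventory:", untracked(hosts, inventory))
```

To use it on real data, read the file written by -o and pass its contents to parse_results together with the domain you own.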

Conclusion