Sublister is a tool that was developed in Python to find subdomains of a website using OSINT( Open-source intelligence). Search engines like Google, Bing, Yahoo, Baidu, and Ask are used by this tool. It also uses Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS
Subbrute, a subdomain-brute-forcer was integrated with Sublist3r to identify more subdomains with an improved word list.
How to install it?
Preferred python version
Python 2.7.x or 3.4.x are recommended
Installation:
Download it using the command:
git clone https://github.com/aboul3la/Sublist3r.git
Sublist3r depends on python modules argparse, dnspython, and requests. So you need to install them by using ‘requirements.txt’ file. Open the downloaded file and enter the command
sudo pip install -r requirements.txt
How to use it?
Run it using python
python sublist3r.py [options] [website name]
Option’s
- -d –domain To enumerate subdomains of Domain name
- -b –brute-force Include subbrute brute-force module
- -p –ports Scan subdomains that are in specific tcp ports
- -v –verbose Real-time results display in the verbose mode
- -t –threads Threads to use for subbrute brute-force
- -e –engines Search engines will be specified with a comma-separated
- -o –output Save the output into a text file
- -h –help Show the help message before exit
Examples
- To list all the basic options use:
python sublist3r.py -h
- To enumerate subdomains of specific domain:
python sublist3r.py -d example.com
- To enumerate subdomains of a specific domain and show only subdomains with open ports 80 and 443 :
python sublist3r.py -d example.com -p 80,443
- To enumerate subdomains of a specific domain and show the real-time results
python sublist3r.py -v -d example.com
- To enumerate subdomains and enable the brute-force module:
python sublist3r.py -b -d example.com
- To enumerate subdomains and use specific engines on demands
python sublist3r.py -e google,yahoo,virustotal -d example.com
Summary
Hope you have learned A step by step guide on – What is Sublister? | How to install and run it? | get hands-on How to use it? To know more about Subdomain Takeover.
If you still have some doubt’s feel free to comment below.
–ABHIJITH