Sublist3r – Fast Python Subdomain Enumeration Tool

The New Acunetix V12 Engine


Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

Sublist3r - Fast Python Subdomain Enumeration Tool

It also integrates with subbrute for subdomain brute-forcing with word lists.


Features of Sublist3r Subdomain Enumeration Tool

It enumerates subdomains using many search engines such as:

  • Google
  • Yahoo
  • Bing
  • Baidu
  • Ask

The tool also enumerates subdomains using:

  • Netcraft
  • Virustotal
  • ThreatCrowd
  • DNSdumpster
  • ReverseDNS

Requirements of Sublist3r Subdomain Search

It currently supports Python 2 and Python 3.

– The recommended version for Python 2 is 2.7.x
– The recommended version for Python 3 is 3.4.x

The tool depends on the requests, dnspython, and argparse Python modules.

Usage of Sublist3r Subdomain Brute Force Tool


Examples

To list all the basic options and switches use -h switch:

To enumerate subdomains of specific domain:

To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :

To enumerate subdomains of specific domain and show the results in realtime:

To enumerate subdomains and enable the bruteforce module:

To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines

It’s also possible to use Sublist3r as a Python module in your own scripts.

Other tools to check out are:

SubBrute – Subdomain Brute-forcing Tool
Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool
DNSRecon – DNS Enumeration Script
InstaRecon – Automated Subdomain Discovery Tool

You can download Sublist3r here:

Sublist3r-master.zip

Or read more here.

Posted in: Networking Hacking


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


Comments are closed.