From 6712e41d7bc9d5b3c8a2c4dcd06d3e7dc842e112 Mon Sep 17 00:00:00 2001 From: fleetcaptain Date: Mon, 15 Jan 2018 16:15:13 -0800 Subject: [PATCH] Update README.md --- README.md | 161 +++++++++++++++++------------------------------------- 1 file changed, 49 insertions(+), 112 deletions(-) diff --git a/README.md b/README.md index 0c2dbc0..9666b8c 100644 --- a/README.md +++ b/README.md @@ -1,50 +1,62 @@ -## About Sublist3r +## Turbolist3r - Beta -Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS. +Turbolist3r is a fork of the [sublist3r](https://github.com/aboul3la/sublist3r) subdomain discovery tool. In addition to all original OSINT capabilties of sublist3r, turbolist3r automates some of the results analysis, with a focus on subdomain takeover. -[subbrute](https://github.com/TheRook/subbrute) was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute. +Turbolist3r queries public DNS servers for each discovered subdomain. If the subdomain exists (i.e. the resolver replied with an address), the answer is categorized as CNAME or A record. By examining A records, it is possible to discover potential penetration testing targets for a given domain. Likewise, the process of looking for subdomain takeovers is simple; view the discovered CNAME records and focus manual testing on any that point to interesting cloud services. -## Screenshots +This is an early release and may contain bugs or other irregularities. -![Sublist3r](http://www.secgeek.net/images/Sublist3r.png "Sublist3r in action") +## Usage +Short Form | Long Form | Description +------------- | ------------- |------------- +-d | --domain | Domain name to enumerate subdomains of +-b | --bruteforce | Enable the subbrute bruteforce module +-p | --ports | Scan the found subdomains against specific tcp ports +-v | --verbose | Enable the verbose mode and display results in realtime +-t | --threads | Number of threads to use for subbrute bruteforce +-e | --engines | Specify a comma-separated list of search engines +-o | --output | Save discovered domain names to specified text file +-h | --help | show the help message and exit +-a | --analysis | Do analysis of the results and save to specified text file -## Installation +### Examples -``` -git clone https://github.com/aboul3la/Sublist3r.git -``` +* To enumerate subdomains of a specific domain, perform turbolist3r analysis, and save the analysis to a file: -## Recommended Python Version: +``python turbolist3r.py -d example.com -a analysis_file.txt`` -Sublist3r currently supports **Python 2** and **Python 3**. +* To list all the basic options and switches use -h switch: + +```python turbolist3r.py -h``` + +* To enumerate subdomains of specific domain: + +``python turbolist3r.py -d example.com`` + +* To enumerate subdomains of specific domain and save discovered subdomains to a file: + +``python turbolist3r.py -d example.com -o example_hosts.txt`` + +* To enumerate subdomains of specific domain and show the results in realtime: + +``python turbolist3r.py -v -d example.com`` + +* To enumerate subdomains and enable the bruteforce module: + +``python turbolist3r.py -b -d example.com`` + +* To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines + +``python turbolist3r.py -e google,yahoo,virustotal -d example.com`` -* The recommended version for Python 2 is **2.7.x** -* The recommened version for Python 3 is **3.4.x** ## Dependencies: -Sublist3r depends on the `requests`, `dnspython`, and `argparse` python modules. +Note that turbolist3r has not been tested on Windows. -These dependencies can be installed using the requirements file: +Turbolist3r depends on the `requests`, `dnspython`, and `argparse` python modules. -- Installation on Windows: -``` -c:\python27\python.exe -m pip install -r requirements.txt -``` -- Installation on Linux -``` -sudo pip install -r requirements.txt -``` - -Alternatively, each module can be installed independently as shown below. - -#### Requests Module (http://docs.python-requests.org/en/latest/) - -- Install for Windows: -``` -c:\python27\python.exe -m pip install requests -``` - Install for Ubuntu/Debian: ``` @@ -63,11 +75,6 @@ sudo pip install requests #### dnspython Module (http://www.dnspython.org/) -- Install for Windows: -``` -c:\python27\python.exe -m pip install dnspython -``` - - Install for Ubuntu/Debian: ``` sudo apt-get install python-dnspython @@ -95,89 +102,19 @@ sudo yum install python-argparse sudo pip install argparse ``` -**for coloring in windows install the following libraries** -``` -c:\python27\python.exe -m pip install win_unicode_console colorama -``` - -## Usage - -Short Form | Long Form | Description -------------- | ------------- |------------- --d | --domain | Domain name to enumerate subdomains of --b | --bruteforce | Enable the subbrute bruteforce module --p | --ports | Scan the found subdomains against specific tcp ports --v | --verbose | Enable the verbose mode and display results in realtime --t | --threads | Number of threads to use for subbrute bruteforce --e | --engines | Specify a comma-separated list of search engines --o | --output | Save the results to text file --h | --help | show the help message and exit - -### Examples - -* To list all the basic options and switches use -h switch: - -```python sublist3r.py -h``` - -* To enumerate subdomains of specific domain: - -``python sublist3r.py -d example.com`` - -* To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 : - -``python sublist3r.py -d example.com -p 80,443`` - -* To enumerate subdomains of specific domain and show the results in realtime: - -``python sublist3r.py -v -d example.com`` - -* To enumerate subdomains and enable the bruteforce module: - -``python sublist3r.py -b -d example.com`` - -* To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines - -``python sublist3r.py -e google,yahoo,virustotal -d example.com`` - - -## Using Sublist3r as a module in your python scripts - -**Example** - -```python -import sublist3r -subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines) -``` -The main function will return a set of unique subdomains found by Sublist3r - -**Function Usage:** -* **domain**: The domain you want to enumerate subdomains of. -* **savefile**: save the output into text file. -* **ports**: specify a comma-sperated list of the tcp ports to scan. -* **silent**: set sublist3r to work in silent mode during the execution (helpful when you don't need a lot of noise). -* **verbose**: display the found subdomains in real time. -* **enable_bruteforce**: enable the bruteforce module. -* **engines**: (Optional) to choose specific engines. - -Example to enumerate subdomains of Yahoo.com: -```python -import sublist3r -subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None) -``` - ## License -Sublist3r is licensed under the GNU GPL license. take a look at the [LICENSE](https://github.com/aboul3la/Sublist3r/blob/master/LICENSE) for more information. +Turbolist3r is licensed under the GNU GPL license. take a look at the [LICENSE](https://github.com/fleetcaptain/Turbolist3r/blob/master/LICENSE) for more information. +Respect legal restrictions and only conduct testing against infrastructure that you have permission to target. ## Credits -* [TheRook](https://github.com/TheRook) - The bruteforce module was based on his script **subbrute**. -* [Bitquark](https://github.com/bitquark) - The Subbrute's wordlist was based on his research **dnspop**. +* [aboul3la](https://github.com/aboul3la/sublist3r) - The creator of **Sublist3r**; turbolist3r adds some features but is otherwise a near clone of sublist3r. ## Thanks -* Special Thanks to [Ibrahim Mosaad](https://twitter.com/ibrahim_mosaad) for his great contributions that helped in improving the tool. +* Thank you to [aboul3la](https://github.com/aboul3la/sublist3r) for releasing sublist3r, an incredible subdomain discovery tool! ## Version -**Current version is 1.0** +**1/15/18 Version 0.1**