Fast subdomains enumeration tool for penetration testers
Go to file
Shaheer Yasir a24ce833fc
Delete subbrute/names.txt.txt
2025-10-01 23:17:12 +05:00
subbrute Delete subbrute/names.txt.txt 2025-10-01 23:17:12 +05:00
.gitignore Ignore working files 2016-07-15 20:24:11 +12:00
LICENSE Initial commit 2015-12-15 02:55:25 +02:00
MANIFEST.in Add manifest to include all data 2018-03-04 21:06:28 +01:00
README.md Update README.md 2025-10-01 22:23:45 +05:00
live.py Create live.py 2025-10-01 18:45:31 +05:00
requirements.txt Update requirements.txt 2025-10-01 17:23:24 +05:00
setup.py Update setup.py 2025-10-01 17:24:21 +05:00
sublist3r.py Update sublist3r.py 2025-10-01 18:58:59 +05:00

README.md

Sublist3r Python License: GPL v2 Stars

Sublist3r is a fast and powerful Python tool designed for OSINT-based subdomain enumeration. It helps penetration testers, bug bounty hunters, and security researchers discover hidden subdomains for targeted domains. Sublist3r leverages multiple search engines (Google, Yahoo, Bing, Baidu, Ask) and passive sources (Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, ReverseDNS, BufferOverRun, CertSpotter) to build comprehensive subdomain lists.

Enhanced to v3.0 by Shaheer Yasir (2025): Full Python 3 support, new passive engines (CertSpotter for Certificate Transparency logs, BufferOverRun for DNS intel), JSON output, improved performance, and VirusTotal API v3 integration.

🚀 Features

  • Multi-Engine Enumeration: Supports 12+ search engines and passive sources for broad coverage.
  • Brute-Force Integration: Powered by SubBrute (v1.3) with optimized wordlists.
  • Output Flexibility: Text or JSON export; verbose real-time results.
  • Port Scanning: Built-in TCP port checks on discovered subdomains.
  • Modular Design: Easy to import as a Python library.
  • Cross-Platform: Works on Linux, macOS, and Windows (with colorama for enhanced output).
  • Rate-Limited & Stealthy: Configurable threads, sleeps, and proxies to avoid detection.

📦 Installation

  1. Clone the Repository:

    git clone https://github.com/aboul3la/Sublist3r.git
    cd Sublist3r
    
  2. Install Dependencies:

    pip install -r requirements.txt
    

    (Includes requests>=2.25.0, dnspython>=2.0.0, colorama>=0.4.4)

  3. Optional: VirusTotal API Key: For unlimited scans, set export VT_API_KEY=your_key_here.

Note: Python 3.6+ required (tested up to 3.12). No Python 2 support.

🔧 Usage

Short Form Long Form Description
-d --domain Domain name to enumerate subdomains of
-b --bruteforce Enable the SubBrute bruteforce module
-p --ports Scan found subdomains against specific TCP ports
-v --verbose Enable verbose mode and display results in realtime
-t --threads Number of threads for SubBrute bruteforce (default: 30)
-e --engines Comma-separated list of search engines
-o --output Save results to text file
-j --json Save results to JSON file
-n --no-color Output without color
-h --help Show the help message and exit

Examples

  • Basic Enumeration:

    python sublist3r.py -d example.com
    
  • With Port Scanning (80, 443):

    python sublist3r.py -d example.com -p 80,443
    
  • Verbose Real-Time Results:

    python sublist3r.py -v -d example.com
    
  • Enable Bruteforce:

    python sublist3r.py -b -d example.com
    
  • Specific Engines (Google, Yahoo, VirusTotal):

    python sublist3r.py -e google,yahoo,virustotal -d example.com
    
  • Full Scan with JSON Output:

    python sublist3r.py -d example.com -b -v -j -o output.txt
    

📚 Using Sublist3r as a Module

Import Sublist3r into your Python scripts for automated workflows.

import sublist3r

# Enumerate subdomains
subdomains = sublist3r.main(
    domain='yahoo.com',
    no_threads=40,          # Threads for bruteforce
    savefile='yahoo_subdomains.txt',  # Output file
    ports=None,             # Ports to scan
    silent=False,           # Silent mode
    verbose=False,          # Real-time output
    enable_bruteforce=False, # Enable bruteforce
    engines=None            # Specific engines
)

print(f"Found {len(subdomains)} subdomains: {subdomains}")

Parameters:

  • domain: Target domain.
  • savefile: Optional output file.
  • ports: Comma-separated TCP ports.
  • silent: Suppress noise.
  • verbose: Real-time display.
  • enable_bruteforce: Use SubBrute.
  • engines: Optional comma-separated engines (e.g., 'google,bing').

🖼️ Screenshots

Sublist3r in Action

🤝 Credits

📄 License

Sublist3r is licensed under the GNU GPL v2. See LICENSE for details.

🙌 Contributing

We welcome contributions! Fork the repo, create a feature branch, and submit a PR. For issues or questions, open a ticket on GitHub.

📈 Version

Current version: 3.0 (October 01, 2025)


Star this repo if Sublist3r helps your recon workflow! Follow @aboul3la for updates. Happy hunting! 🔍