Fast subdomains enumeration tool for penetration testers
Go to file
Ahmed Aboul-Ela cab552215e Merge pull request #38 from jeremyn/modify_subdomain_sorting
Improved the subdomains sorting
2016-10-04 19:59:14 +04:00
subbrute Improved the subbrute wordlist 2016-07-04 14:48:03 +02:00
.gitignore Ignore working files 2016-07-15 20:24:11 +12:00
LICENSE Initial commit 2015-12-15 02:55:25 +02:00
README.md Update README.md 2016-07-06 19:30:53 +03:00
requirements.txt Add requirements.txt for dependencies 2016-08-22 19:13:36 +01:00
sublist3r.py Modify subdomain sorting 2016-10-02 22:57:52 +00:00

README.md

##About Sublist3r

Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search engines: Google, Yahoo, Bing, Baidu, and Ask. More search engines may be added in the future. Sublist3r also gathers subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and PassiveDNS.

subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.

##Screenshots

Sublist3r

##Installation

git clone https://github.com/aboul3la/Sublist3r.git

##Recommended Python Version:

The recommended python version to use is 2.7.x on any platform.

Other python versions maybe not supported at the moment.

##Dependencies:

####Requests library (http://docs.python-requests.org/en/latest/)

  • Install for Windows:
c:\python27\python.exe -m pip install requests
  • Install for Ubuntu/Debian:
sudo apt-get install python-requests
  • Install for Centos/Redhat:
sudo yum install python-requests
  • Install using pip on Linux:
sudo pip install requests

####dnspython library (http://www.dnspython.org/)

  • Install for Windows:
c:\python27\python.exe -m pip install dnspython
  • Install for Ubuntu/Debian:
sudo apt-get install python-dnspython
  • Install using pip:
sudo pip install dnspython

####argparse library

  • Install for Ubuntu/Debian:
sudo apt-get install python-argparse
  • Install for Centos/Redhat:
sudo yum install python-argparse
  • Install using pip:
sudo pip install argparse

##Usage

Short Form Long Form Description
-d --domain Domain name to enumerate subdomains of
-b --bruteforce Enable the subbrute bruteforce module
-p --ports Scan the found subdomains against specified tcp ports
-v --verbose Enable Verbosity and display results in realtime
-t --threads Number of threads to use for subbrute bruteforce
-o --output Save the results to text file
-h --help show the help message and exit

###Examples

  • To list all the basic options and switches use -h switch:

python sublist3r.py -h

  • To enumerate subdomains of specific domain:

python sublist3r.py -d example.com

  • To enumerate subdomains of specific domain and show only subdomains with opened ports 80 and 443 :

python sublist3r.py -d example.com -p 80,443

  • To enumerate subdomains of specific domain and show results in realtime:

python sublist3r.py -v -d example.com

  • To enumerate subdomains and use the subbrute bruteforce module:

python sublist3r.py -b -d example.com

##License

Sublist3r is licensed under the GNU GPL license. take a look at the LICENSE for more information.

##Credits

  • TheRook - The bruteforce module was based on his script subbrute.
  • Bitquark - The Subbrute's wordlist was based on his research dnspop.

##Thanks

  • Special Thanks to Ibrahim Mosaad for his great contributions that helped in improving the tool.

##Version Current version is 1.0