Sublist3r
Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT (Open Source Intelligence). It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. It also uses sources like Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.
Disclaimer
This tool is intended for educational and ethical testing purposes only. Unauthorized use of Sublist3r to scan or enumerate subdomains without explicit permission is illegal and unethical. The creators of this tool are not responsible for any misuse or damage caused by this tool.
Description
Sublist3r is an effective tool for discovering subdomains of a given domain, aiding in the mapping of an organization's attack surface. By using various search engines and online services, it can provide a comprehensive list of subdomains, which can be useful for security assessments and penetration tests. The integration of subbrute increases the likelihood of finding more subdomains through brute force methods.
Features
- Search Engine Enumeration: Uses Google, Yahoo, Bing, Baidu, and Ask to find subdomains.
- Online Services Integration: Utilizes Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS for comprehensive results.
- Bruteforce Module: Integrates subbrute to enhance subdomain discovery through brute force techniques.
- Real-time Results: Option to display results in real-time for ongoing monitoring.
Installation
To install Sublist3r, clone the GitHub repository and install the required dependencies. Sublist3r supports both Python 2 and Python 3.
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
pip install -r requirements.txt
Recommended Python Versions
- Python 2: 2.7.x
- Python 3: 3.4.x
Dependencies
Sublist3r depends on the following Python modules: requests, dnspython, and argparse. These can be installed using the requirements file provided in the repository.
Installation on Windows
c:\python27\python.exe -m pip install -r requirements.txt
Installation on Linux
sudo pip install -r requirements.txt
Usage
Sublist3r offers several options and switches to customize the enumeration process. Below is a list of options available:
| Short Form | Long Form | Description |
|---|---|---|
| -d | --domain | Domain name to enumerate subdomains of |
| -b | --bruteforce | Enable the subbrute bruteforce module |
| -p | --ports | Scan the found subdomains against specific tcp ports |
| -v | --verbose | Enable the verbose mode and display results in realtime |
| -t | --threads | Number of threads to use for subbrute bruteforce |
| -e | --engines | Specify a comma-separated list of search engines |
| -o | --output | Save the results to text file |
| -h | --help | Show the help message and exit |
Examples
To list all the basic options and switches use the -h switch:
python sublist3r.py -h
To enumerate subdomains of a specific domain:
python sublist3r.py -d example.com
To enumerate subdomains of a specific domain and show only subdomains which have open ports 80 and 443:
python sublist3r.py -d example.com -p 80,443
To enumerate subdomains of a specific domain and show the results in real-time:
python sublist3r.py -v -d example.com
To enumerate subdomains and enable the bruteforce module:
python sublist3r.py -b -d example.com
To enumerate subdomains and use specific engines such as Google, Yahoo, and Virustotal:
python sublist3r.py -e google,yahoo,virustotal -d example.com
Using Sublist3r as a Module in Your Python Scripts
You can use Sublist3r within your Python scripts by importing it and calling the main function.
import sublist3r
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)
The main function returns a set of unique subdomains found by Sublist3r. Here's an example of how to use it to enumerate subdomains of Yahoo.com:
import sublist3r
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports=None, silent=False, verbose=False, enable_bruteforce=False, engines=None)
License
Sublist3r is licensed under the GNU GPL license. For more information, take a look at the LICENSE file in the repository.
