Sublist3r is a Python-based tool that is used to enumerate the subdomains of a
website. It helps penetration testers and bug hunters to find various
subdomains for which they can find vulnerabilities. Sublist3r searches various
subdomains using Google, Yahoo, Bing, Baidu, and Ask. It also enumerates
subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and
ReverseDNS.
The Repository is available on GitHub - https://github.com/aboul3la/Sublist3r.
-
Clone the repository in Linux using the git command.
|
|
Cloning the repository
|
-
Re-direct into the folder which was just created. It will have files as
shown below.
|
|
Files in Sublist3r
|
-
Before running the tool we need to install all the python modules
required by the tool. To do that, run command -
pip install -r requirements.txt
|
|
Install packages
|
-
Once the installation is finished. You can run the tool using python.
Command -
python3 sublist3r.py
|
|
Run Sublist3r
|
It shows you need to run the command
with the -d option and a domain name or else use the help
command.
-
For example, if you want to look for a subdomain for
google.com. The command is -
python3 sublist3r.py -d google.com
|
|
Finding Subdomains for google.com
|
The tool is able to find various subdomains of google.com, using this,
pen-testers and bug hunters can find vulnerabilities under a
subdomain.
-
Also, some other flags like -d are worth mentioning from the help command.
To see other flags type -
python3 sublist3r.py -h.
|
| Help option |
-
-t: command can be used to start a number of threads to make the
process faster,
python3 sublist3r.py -d google.com -t 50
( means send 50 requests at a time)
-
-o: command can be used to save the output given by Sublist3r in
a text file,
python3 sublist3r.py -d google.com -o output.txt, here output.txt is a file where the output will save.
We hope this helps. If any suggestions or doubts you can add a comment and
we will reply as soon as possible.
%20Cover.jpg)
%20Cover.jpg)
No comments:
Post a Comment