Enumerate subdomains from OSINT sources:
- Baidu
- Yahoo
- Bing
- Ask
- Netcraft
- DNSdumpster
- Virustotal
- ThreatCrowd
- SSL Certificates
- PassiveDNS
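
Installation

apt install sublist3r

Add proxy support (CNTLM)

Edit the installed module so that send_req passes the local CNTLM listener as a proxy. The file is owned by the package, so the edit is lost when the package is upgraded.

nano /usr/lib/python3/dist-packages/sublist3r.py

def send_req(self, query, page_no=1):
    url = self.base_url.format(query=query, page_no=page_no)
    try:
        # requests selects the proxy by URL scheme, so list https as well as http;
        # both entries point at the local CNTLM listener
        proxy = {
            "http": "http://127.0.0.1:3128",
            "https": "http://127.0.0.1:3128",
        }
        resp = self.session.get(url, headers=self.headers, timeout=self.timeout, proxies=proxy)
    except Exception:
        resp = None
    return self.get_response(resp)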
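
Usage

RESULTS=~/subdomains.txt
# -p makes TCP connections to each subdomain found; -t only sets the thread count for the subbrute module (-b)
sublist3r -d domain.com -t 50 -p 80,443,21,22 -o "$RESULTS"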

Help

sublist3r -h

usage: sublist3r.py [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]] [-t THREADS] [-e ENGINES] [-o OUTPUT] [-n]

OPTIONS:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain name to enumerate it's subdomains
  -b [BRUTEFORCE], --bruteforce [BRUTEFORCE]
                        Enable the subbrute bruteforce module
  -p PORTS, --ports PORTS
                        Scan the found subdomains against specified tcp ports
  -v [VERBOSE], --verbose [VERBOSE]
                        Enable Verbosity and display results in realtime
  -t THREADS, --threads THREADS
                        Number of threads to use for subbrute bruteforce
  -e ENGINES, --engines ENGINES
                        Specify a comma-separated list of search engines
  -o OUTPUT, --output OUTPUT
                        Save the results to text file
  -n, --no-color        Output without color

Example: python3 /usr/lib/python3/dist-packages/sublist3r.py -d google.com