Plazmaz / Sublist3r

Fast subdomains enumeration tool for penetration testers
GNU General Public License v2.0
117 stars 23 forks source link

This is not the official repo for sublist3r, this version contains extra features (notably subdomain takeover checks).

The original version: https://github.com/aboul3la/Sublist3r

About Sublist3r

Sublist3r is python tool that is designed to enumerate subdomains of websites through OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.

Screenshots

Sublist3r

Installation

git clone https://github.com/Plazmaz/Sublist3r.git

Recommended Python Version:

Sublist3r currently supports Python 2 and Python 3.

Dependencies:

Sublist3r depends on the requests, dnspython and argparse python modules.

These dependencies can be installed using the requirements file:

Alternatively, each module can be installed independently as shown below.

Requests Module (http://docs.python-requests.org/en/latest/)

dnspython Module (http://www.dnspython.org/)

argparse Module

for coloring in windows install the following libraries

c:\python27\python.exe -m pip install win_unicode_console colorama

Usage

Short Form Long Form Description
-d --domain Domain name to enumerate subdomains of
-b --bruteforce Enable the subbrute bruteforce module
-p --ports Scan the found subdomains against specific tcp ports
-v --verbose Enable the verbose mode and display results in realtime
-t --threads Number of threads to use for subbrute bruteforce
-e --engines Specify a comma-separated list of search engines
-o --output Save the results to text file
-h --help show the help message and exit
-to --takover-check [New] Scan subdomains for unregistered services such as Github Pages

Examples

python sublist3r.py -h

python sublist3r.py -d example.com

python sublist3r.py -d example.com -p 80,443

python sublist3r.py -v -d example.com

python sublist3r.py -b -d example.com

python sublist3r.py -e google,yahoo,virustotal -d example.com

Using Sublist3r as a module in your python scripts

Example

import sublist3r 
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, takeover_check, engines)

The main function will return a set of unique subdomains found by Sublist3r

Function Usage:

Example to enumerate subdomains of Yahoo.com:

import sublist3r 
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, takeover_check=False, engines=None)

License

Sublist3r is licensed under the GNU GPL license. take a look at the LICENSE for more information.

Credits

Thanks

Version

Current version is 1.0