TheRook / subbrute

A DNS meta-query spider that enumerates DNS records, and subdomains.
GNU General Public License v3.0
3.33k stars 651 forks source link

brute force is too slow! #72

Open marcelo321 opened 4 years ago

marcelo321 commented 4 years ago

Hello,

I shortened the wordlist to 1k subdomains and run the script again at 100 threads and still 15 minutes and keeps going...

that means that if i try the main wordlist of 130k subdomains it would take +5,40 hours

Is there any way to speed up this? what about the resolvers.txt? can i update it somehow? what type of resolvers and where should i look for them?

TheRook commented 4 years ago

Hmm, yeah the resolvers.txt might need to be updated. It is a bit old. Let me re-generate it and do some tests. Thanks for the post.

On Mon, Dec 23, 2019 at 2:19 PM marcelo321 notifications@github.com wrote:

Hello,

I shortened the wordlist to 1k subdomains and run the script again at 100 threads and still 15 minutes and keeps going...

that means that if i try the main wordlist of 130k subdomains it would take +5,40 hours

Is there any way to speed up this? what about the resolvers.txt? can i update it somehow? what type of resolvers and where should i look for them?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/TheRook/subbrute/issues/72?email_source=notifications&email_token=AAD7MNY443FKI2K5VXNFUZ3Q2E2Q7A5CNFSM4J6YRY32YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4ICNBYHA, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAD7MN6ZPYJKCDHZBMVB7B3Q2E2Q7ANCNFSM4J6YRY3Q .

RaduNico commented 3 years ago

Hello,

I've tried using the -t option to check some basic subdomains - all 1 letter subdomains in the range a-z0-9. I ran subbrute for about 2 hours and it produced no output. Would using a custom list of domain names help?

Radu

0x00009b commented 3 years ago

Hi @RaduNico I am not a developer member of this project but I'm an avid penetration tester and i would highly suggest using a custom word list as it helps to narrow down the results also since this is a brute force tool the time it takes can be affected by many factors such as your internet speed, CPU/GPU power etc and you said you tried a-z0-9 that means your cpu and/or GPUs is trying to find every possible combo of every letter in the English language and every number 0-9 which is a lot of strain on any normal computer