gbiagomba
commented
3 years ago @Aaryan9898 unfortunately there is no way to do that, now there are some other tools that will do that for you like amass and subfinder. The way i worked that out was by feeding the results file to nmap and doing a comprehensive ping-sweep.
nmap -PA"21-23,25,53,80,88,110,111,135,139,443,445,3389,8080" -PE -PM -PP -PO -PS"21-23,25,53,80,88,110,111,135,139,443,445,3389,8080" -PU"42,53,67-68,88,111,123,135,137,138,161,500,3389,5355" -PY"22,80,179,5060" -T5 -R --reason --resolve-all -sn -iL
nmap -6 -PA"21-23,25,53,80,88,110,111,135,139,443,445,3389,8080" -PS"21-23,25,53,80,88,110,111,135,139,443,445,3389,8080" -PU"42,53,67-68,88,111,123,135,137,138,161,500,3389,5355" -PY"22,80,179,5060" -T5 -R --reason --resolve-all -sn -iL
Hey Is there any usage options where we could instruct sublst3r to list only resolvable sub-domains. sublist3r also do list subdomain which later are unresolvable by nmap.