Fast subdomains enumeration tool for penetration testers
Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.
subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.
git clone https://github.com/aboul3la/Sublist3r.git
Sublist3r currently supports Python 2 and Python 3.
Sublist3r depends on the requests
, dnspython
and argparse
python modules.
These dependencies can be installed using the requirements file:
c:\python27\python.exe -m pip install -r requirements.txt
sudo pip install -r requirements.txt
Alternatively, each module can be installed independently as shown below.
c:\python27\python.exe -m pip install requests
sudo apt-get install python-requests
sudo yum install python-requests
sudo pip install requests
c:\python27\python.exe -m pip install dnspython
sudo apt-get install python-dnspython
sudo pip install dnspython
sudo apt-get install python-argparse
sudo yum install python-argparse
sudo pip install argparse
for coloring in windows install the following libraries
c:\python27\python.exe -m pip install win_unicode_console colorama
Short Form | Long Form | Description |
---|---|---|
-d | --domain | Domain name to enumerate subdomains of |
-b | --bruteforce | Enable the subbrute bruteforce module |
-p | --ports | Scan the found subdomains against specific tcp ports |
-v | --verbose | Enable the verbose mode and display results in realtime |
-t | --threads | Number of threads to use for subbrute bruteforce |
-e | --engines | Specify a comma-separated list of search engines |
-o | --output | Save the results to text file |
-h | --help | show the help message and exit |
python sublist3r.py -h
python sublist3r.py -d example.com
python sublist3r.py -d example.com -p 80,443
python sublist3r.py -v -d example.com
python sublist3r.py -b -d example.com
python sublist3r.py -e google,yahoo,virustotal -d example.com
Example
import sublist3r
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)
The main function will return a set of unique subdomains found by Sublist3r
Function Usage:
Example to enumerate subdomains of Yahoo.com:
import sublist3r
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None)
Sublist3r is licensed under the GNU GPL license. take a look at the LICENSE for more information.
Current version is 1.0