sublist3r
Discover subdomains for a given domain
TLDR
Find subdomains for a domain
Find subdomains for a domain, also enabling brute force search
Save the found subdomains to a text file
Display help
SYNOPSIS
sublist3r [-d domain] [-b] [-v] [-t threads] [-o outputfile] [-e engines] [-p ports]
PARAMETERS
-d domain
The target domain you want to enumerate subdomains for.
-b
Enable brute force mode to try to guess subdomains using a wordlist.
-v
Enable verbose mode to show more detailed output.
-t threads
Set the number of threads to use for brute-forcing subdomains. Higher thread counts can improve speed but also increase resource usage.
-o outputfile
Specify the file to save the results to.
-e engines
Specify a comma-separated list of search engines and services to use (e.g., Google,Bing,Virustotal).
-p ports
Test specified ports on discovered subdomains.
DESCRIPTION
Sublist3r is a Python tool that enumerates subdomains of websites using open-source intelligence (OSINT) sources. It helps penetration testers and security researchers map an attack surface by discovering subdomains that are not immediately obvious. It draws on search engines, DNS records, certificate transparency logs, and other sources to map a target domain's infrastructure. This makes it useful for asset discovery, reconnaissance, and identifying potential vulnerabilities in subdomains; gathering information from multiple sources helps uncover hidden or forgotten subdomains that could be exploited by attackers. The tool can also brute-force subdomain names, which further expands attack surface discovery.
It is capable of using different search engines and external sources like Netcraft, DNSdumpster, Virustotal, ThreatCrowd, PassiveTotal, SecurityTrails, CRT.sh, and more, to gather subdomain information. The accuracy and completeness of the results depend on the availability and accessibility of these external services.
CAVEATS
The accuracy and completeness of Sublist3r's results depend heavily on the availability and accuracy of the external sources it utilizes. Some sources might require API keys or have rate limits, which can impact performance. Using brute-force mode can be resource-intensive and may be less effective against domains with strong subdomain naming conventions.
INSTALLATION
Sublist3r is typically installed using pip, the Python package installer. You might need to install Python and pip first. Consider using a virtual environment to manage dependencies. The basic installation command is:
pip install sublist3r
USAGE EXAMPLES
- Basic subdomain enumeration:
sublist3r -d example.com
- Saving results to a file:
sublist3r -d example.com -o output.txt
- Using specific search engines:
sublist3r -d example.com -e Google,Bing
- Brute-forcing subdomains:
sublist3r -d example.com -b
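An added example (not part of Sublist3r or of the original page) of using the file written with -o for asset discovery: it normalizes the results and compares them with a known inventory to surface forgotten subdomains. The sample output, the inventory and the function names are constructed for illustration, and the handling of names joined by <BR> is an assumption about how some sources return data.

```python
import re

# One DNS label: 1-63 chars, no leading/trailing hyphen (underscore tolerated).
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

# Constructed sample of a file written by `sublist3r -d example.com -o output.txt`.
SAMPLE_OUTPUT = """www.example.com
mail.example.com
WWW.example.com
dev.example.com<BR>old-staging.example.com
*.cdn.example.com
notexample.com
evil.example.com.attacker.test
"""
# Constructed inventory of hosts the organization already tracks.
INVENTORY = ["www.example.com", "mail.example.com", "cdn.example.com", "vpn.example.com"]


def parse_results(text, domain):
    """Return sorted, de-duplicated, syntactically valid hostnames under `domain`."""
    domain = domain.lower().strip(".")
    hosts = set()
    for line in text.splitlines():
        # Assumption: some sources return several names joined by "<BR>".
        for name in re.split(r"<br\s*/?>|\s+", line, flags=re.IGNORECASE):
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):  # wildcard certificate entry
                name = name[2:]
            in_scope = name == domain or name.endswith("." + domain)
            valid = len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))
            if name and in_scope and valid:
                hosts.add(name)
    return sorted(hosts)


def diff_inventory(found, inventory):
    """Compare discovered hosts with the tracked inventory."""
    known = {h.lower().rstrip(".") for h in inventory}
    return {
        "unknown": sorted(set(found) - known),   # discovered but untracked
        "not_seen": sorted(known - set(found)),  # tracked but not discovered
    }


if __name__ == "__main__":
    found = parse_results(SAMPLE_OUTPUT, "example.com")
    report = diff_inventory(found, INVENTORY)
    print("untracked subdomains to review:", report["unknown"])
    print("tracked but not found by OSINT:", report["not_seen"])
```

Hosts listed as "not_seen" are not necessarily gone: as the caveats note, coverage depends on what the external sources return.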