Sublist3r – Free tool to enumerate Subdomains for pentester

Sublist3r is python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

Sublist3r supports following search engine:

  • Google
  • Yahoo
  • Bing
  • Baidu
  • Ask

In future more search engines may be added. Sublist3r can gather subdomains using Netcraft and DNSdumpster.

Installing Sublist3r:

git clone https://github.com/aboul3la/Sublist3r.git

Recommended Python Version:

Python Version 2.7.x on any platform. Any other python versions maybe not supported at present.

Dependencies:


 

Requests library (http://docs.python-requests.org/en/latest/)

Install for Ubuntu/Debian:
sudo apt-get install python-requests

Install for Centos/Redhat:
sudo yum install python-requests

Install using pip:
sudo pip install requests


dnspython library (http://www.dnspython.org/)

Install for Ubuntu/Debian:
sudo apt-get install python-dnspython

Install using pip:
sudo pip install dnspython


 

argparse library

Install for Ubuntu/Debian:
sudo apt-get install python-argparse

Install for Centos/Redhat:
sudo yum install python-argparse

Install using pip:
sudo pip install argparse


 

How to use Sublist3r:

List of examples:

  • To list all the basic options and switches use -h switch:
    python sublist3r.py -h
  • To enumerate subdomains of specific domain:
    python sublist3r.py -d example.com
  • To enumerate subdomains of specific domain and show results in realtime:
    python sublist3r.py -v -d example.com
  • To enumerate subdomains and use the subbrute bruteforce module:
    python sublist3r.py -b -d example.com

Sublist3r (from GitHub)

Related posts

iOS 14 Introduces ‘Precise Location’ Toggle For Customize Location Sharing

Protect Your Kids From Cyber Threats At Home During COVID-19

Reiterating Common Cybersecurity Tips For Safe Remote Working