Turbolist3r is a subdomain enumeration tool which can identify subdomain takeovers. It is heavily based on sublist3r: https://latesthackingnews.com/2016/01/27/sublist3r-free-tool-to-enumerate-subdomains-for-pentester/
Installation and usage
git clone https://github.com/fleetcaptain/Turbolist3r cd Turbolist3r/ pip3 install -r requirements.txt
There are various options such as port scanning, brute force on subdomains, input and output files, dns resolvers:
The following command shows how a typical subdomain scan would look like:
python3 turbolist3r.py -d latesthackingnews.com -a
Final thoughts
Turbolist3r is a great tool for finding hidden subdomains, it can reveal interesting A and CNAME records.
Based on the simple but effective usage, and the fact that the bigger part of the tool relies on other tools, I will award this tool with 3/5 bunnies:
Want To Learn More About Ethical Hacking?
Do you know of another GitHub related hacking tool?
Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.