Sublist3r: Fast subdomains enumeration tool for pentester and Bughunter

About Sublist3r

Sublist3r is python based subdomains scanner for hackers, bughunters and pen-testers. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.

subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using brute-force with an improved word-list. The credit goes to The-rook who is the author of subbrute.


git clone

Recommended Python Version:

Sublist3r currently supports Python 2 and Python 3.

  • The recommended version for Python 2 is 2.7.x
  • The recommened version for Python 3 is 3.4.x


Sublist3r depends on the requests, dnspython, and argparse python modules.

These dependencies can be installed using the requirements file:

  • Installation on Windows:
c:\python27\python.exe -m pip install -r requirements.txt
  • Installation on Linux
sudo pip install -r requirements.txt

Alternatively, each module can be installed independently as shown below.

Requests Module (

  • Install for Windows:
c:\python27\python.exe -m pip install requests
  • for Ubuntu/Debian:
sudo apt-get install python-requests
  • Centos/Redhat:
sudo yum install python-requests
  • Install using pip on Linux:
sudo pip install requests

dnspython Module (

  • Windows:
c:\python27\python.exe -m pip install dnspython
  • Ubuntu/Debian:
sudo apt-get install python-dnspython
  • Install using pip:
sudo pip install dnspython

argparse Module

  • Ubuntu/Debian:
sudo apt-get install python-argparse
  • Centos/Redhat:
sudo yum install python-argparse
  • Install using pip:
sudo pip install argparse

Coloring library

c:\python27\python.exe -m pip install win_unicode_console colorama


Short FormLong FormDescription
-d–domainDomain name to enumerate subdomains of
-b–bruteforceEnable the subbrute bruteforce module
-p–portsScan the found subdomains against specific tcp ports
-v–verboseEnable the verbose mode and display results in realtime
-t–threadsNumber of threads to use for subbrute bruteforce
-e–enginesSpecify a comma-separated list of search engines
-o–outputSave the results to text file
-h–helpshow the help message and exit


  • TO get help:
python -h
  • Subdomain scanning using specific domain:
python -d
  • Scan subdomains with specific ports as shown in below.
python -d -p 80,443
  • Enumerate subdomain with verbose on mode.
python -v -d
  • Perform Brute-force on target subdomains.
python -b -d
  • Scanning subdomains using specified search engines.
python -e google,yahoo,virustotal -d

Using Sublist3r as a module in your python scripts


import sublist3r 
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)

The main function will return a set of unique subdomains found by Sublist3r

Function Usage:

  • domain: The target for which you want to search subdomains.
  • savefile: save the output into text file.
  • ports: specify a comma-sperated list of the tcp ports to scan.
  • verbose: display the found subdomains in real time.
  • enable_bruteforce: enable the bruteforce module.
  • engines: (Optional) to choose specific engines.

Leave a Reply

Your email address will not be published. Required fields are marked *