Frameworks information gathering tool Kali Linux

How To Find Subdomains Of A Website In Kali Linux 2018.1 Using Sublist3r Tool

sublist3r
Written by Mubassir patel

About Sublist3r

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNA dumpster, and ReverseDNS.

subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using brute-force with an improved word list. The credit goes to TheRook who is the author of subbrute.

Screenshots

how to find subdomains of a website in kali linux 2018.1 using sublist3r

Installation

git clone https://github.com/aboul3la/Sublist3r.git

Read This:  Dropit Framework: All In one pentesting Tool

Recommended Python Version:

Sublist3r currently supports Python 2 and Python 3.

  • The recommended version for Python 2 is 2.7.x
  • The recommended version for Python 3 is 3.4.x

Dependencies For Sublist3r:

Sublist3r depends on the, requestsdnspython and python modules argparse

These dependencies can be installed using the requirements file:

  • Installation on Windows:
c:\python27\python.exe -m pip install -r requirements.txt
  • Installation on Linux
sudo pip install -r requirements.txt

Alternatively, each module can be installed independently as shown below.

Requests Module (http://docs.python-requests.org/en/latest/)

  • Install for Windows:
c:\python27\python.exe -m pip install requests
  •  for Ubuntu/Debian:
sudo apt-get install python-requests
  •  Centos/Redhat:
sudo yum install python-requests
  •  pip on Linux:
sudo pip install requests

dnspython Module (http://www.dnspython.org/)

  •  for Windows:
c:\python27\python.exe -m pip install dnspython
  •  Ubuntu/Debian:
sudo apt-get install python-dnspython
  • Install using pip:
sudo pip install dnspython

argparse Module

  • To Install for Ubuntu/Debian:
sudo apt-get install python-argparse
  •  for Centos/Redhat:
sudo yum install python-argparse
  •  using pip:
sudo pip install argparse

for coloring in windows install the following libraries

c:\python27\python.exe -m pip install win_unicode_console colorama

Usage

Short Form Long Form Description
-d –domain Domain name to enumerate subdomains of
-b –bruteforce Enable the subbrute brute-force module
-p –ports Scan the found subdomains against specific TCP ports
-v –verbose Enable the verbose mode and display results in real-time
-t –threads Number of threads to use for subbrute brute-force
-e –engines Specify a comma-separated list of search engines
-o –output Save the results to the text file
-h –help show the help message and exit

Examples

  • To list all the basic options and switches use -h switch:

python sublist3r.py -h

  • To enumerate subdomains of a specific domain:

python sublist3r.py -d example.com

  •  subdomains of the specific domain and show only subdomains which have open ports 80 and 443 :

python sublist3r.py -d example.com -p 80,443

  •  specific domain and show the results in real-time:

python sublist3r.py -v -d example.com

  • To enable the brute force module:

python sublist3r.py -b -d example.com

  • To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines

python sublist3r.py -e google,yahoo,virustotal -d example.com

Using Sublist3r as a module in your python scripts

Example

import sublist3r 
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)

The main function will return a set of unique subdomains found by Sublist3r

Function Usage:

  • domain: The domain you want to enumerate subdomains of.
  • savefile: save the output into a text file.
  • ports:  specify a comma-separated list of the TCP ports to scan.
  • silent: set sublist3r to work in silent mode during the execution (helpful when you don’t need a lot of noise).
  • verbose: display the found subdomains in real time.
  • enable_bruteforce: enable the brute force module.
  • engines: (Optional) to choose specific engines.

Example to enumerate subdomains of Yahoo.com:

import sublist3r 
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None)

Video:

[amazon_link asins=’B077L7SNG8,B074VFZ2GW,B077C37Y1N,B074P26NVR,B079D6KHMC’ template=’ProductCarousel’ store=’mubassir-20′ marketplace=’US’ link_id=’a0a1e044-2853-11e8-bc07-5f8473045dc4′]

About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.

Leave a Comment