TOOLS sublist3r - cloudsecuritylabs/ethicalhackingclass GitHub Wiki
Domain Harvesting with sublist3r
- apt install sublist3r
- if you get an error for 'Virustotal probably now is blocking our requests' - register an account with virus total and add your own API key.
- export VT_APIKEY=yourownapikey
More info
└─$ sublist3r --help
usage: sublist3r.py [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]] [-t THREADS] [-e ENGINES] [-o OUTPUT] [-n]
OPTIONS:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
Domain name to enumerate it's subdomains
-b [BRUTEFORCE], --bruteforce [BRUTEFORCE]
Enable the subbrute bruteforce module
-p PORTS, --ports PORTS
Scan the found subdomains against specified tcp ports
-v [VERBOSE], --verbose [VERBOSE]
Enable Verbosity and display results in realtime
-t THREADS, --threads THREADS
Number of threads to use for subbrute bruteforce
-e ENGINES, --engines ENGINES
Specify a comma-separated list of search engines
-o OUTPUT, --output OUTPUT
Save the results to text file
-n, --no-color Output without color
Example: python3 /usr/lib/python3/dist-packages/sublist3r.py -d google.com
Example
* ┌──(student㉿kalinew)-[~]
└─$ sublist3r -d google.com
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for google.com
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
[!] Error: Virustotal probably now is blocking our requests
[-] Total Unique Subdomains Found: 42
ads.google.com
books.google.com
business.google.com
chrome.google.com
classroom.google.com
bigquery.cloud.google.com
dialogflow.cloud.google.com
code.google.com
sheets.corp.google.com
datastudio.google.com
docs.google.com
domains.google.com
drive.google.com
earth.google.com
hangouts.google.com
images.google.com
ipv6test.google.com
isp.google.com
issuetracker.google.com
jamboard.google.com
madeby.google.com
mail.google.com
marketingplatform.google.com
meet.google.com
merchants.google.com
messages.google.com
myaccount.google.com
news.google.com
pay.google.com
peering.google.com
picasaweb.google.com
play.google.com
podcasts.google.com
postmaster.google.com
profiles.google.com
colab.research.google.com
scholar.google.com
script.google.com
store.google.com
support.google.com
translate.google.com
vr.google.com
Example 2
sudo sublist3r -d cnn.com -t 3 -e bing