If you are a penetration tester and finding bugs on a site or trying to perform different attacks on a site or if you are looking for subdomains for a site then Sinlist3r is a great tool to find maximum subdomains for a site. Sublist3r is a great subdomain finding tool that has been written in Python to enumerate subdomains of a site. It uses publicly available data and sources to find subdomains by performing brute force techniques. It can find subdomains from search engines like Google, Yahoo, Bing, Ask, Netcraft and Baidu. You can also brute-force subdomains for a given value. So this was a brief introduction of the Sublist3r tool. Now we will move on how to find subdomains with it.
How To Install Sublist3r
Sublist3r is not already installed in Kali Linux, So you have to install it manually so that we can start finding subdomains for a site. Well, the process of installing Sublist3r is so easy. It takes no time to install Sublist3r. So to install it type in the following command to install it from GitHub:git clone https://github.com/aboul3la/Sublist3r.gitOr if you have downloaded version of Sublist3r type in the following command to run it.
./sublist3r.py -hAs I have downloaded it in Downloads folder first if all I will move in its folder.
Cd Downloads/Sublist3r-master
Now type The following command to run it:
./sublist3r.py –hHere –h is for help.
Now you can see all the available options of Sublist3r.
If you encounter any problem while installing you should install all the dependencies by typing in the following command:
Pip install –r requirements.txt
Now we will run sublist3r on google.com to find the subdomains of google. Type in the following command:
python sublist3r.py -d google.com
You can see that sublist3r discovered 403 subdomains from Google, Yahoo, Bing and many other search engines.
Now these were the domains that are publicly available. Now we will use the brute force technique to find more subdomains. It activates subbrute with 100 threads by the following command:
./sublist3r.py -d google.com -b -t 100
Now you can see that it found 843 subdomains by brute force technique.
You can use many other tools to get more result. There are many different tools available that can help you discover more subdomains in no time. Now you learned in this tutorial how you can find subdomains using sublist3r that is a great tool for finding subdomains. In future, we will make more tutorials on how to get more accurate results using different tools.
Links To Download:
Sublist3r: https://github.com/aboul3la/Sublist3r
Subbrute: https://github.com/TheRook/subbrute