sublist3r: The best tool to gather subdomain info


In this post, You will learn what is sublist3r and how it works and while finishing this post you will be a pro in using the tool.


What is sublist3r

Sublist3r is a tool that is used to gather subdomains of the particular target from all possible sources. Well in many places I have said this is the best tool to gather subdomain information and it is the best tool for subdomain results. ????

Also Read: Information gathering using dns-recon


Who developed the sublist3r tool?

The tool was developed by this guy from Egypt and he seems to be a stick man even in real life and this guy wrote the mass scan tool also which we are often talked about that on our youtube channel.

Finally to download the sublist 3r tool just enter the below command and I mailed him why you named a weird name and I will show the mail reply I get from the author of the tool ????.

sudo apt-get install sublist3r

What all the sublist3r tools can do❓

  1. brute force
  2. TCP port scan only
  3. Specific search engine search
  4. Finally the subdomain search


Useful sublist3r commands

-h, –help – show this help message and exit

-d DOMAIN – Domain name to enumerate its subdomains

-b – Enable the subbrute bruteforce module

-p PORTS – Scan the found subdomains against specified TCP ports

-v [VERBOSE] – Enable Verbosity and display results in realtime

-t THREADS – Number of threads to use for subbrute Bruteforce

-e ENGINES – Specify a comma-separated list of search engines

-o OUTPUT – Save the results to a text file

How to use the tool

Example1: Standard scan

Let’s find the subdomains of a target

sublist3r -d 
sublist3r command

Example2: Brute force

For example 2 let’s find the subdomain and do a brute force attack on a possible subdomain found ????

sublist3r -d -b
sublist3r commands and brute forcing

Example3: Verbose

In this example let’s see how to increase the speed and also add verbosity to the task

sublist3r -d -b -v -t 10
adding verbonisty

The result will be like ????

result of sublist3r

Example4: Save output

In the final example, we are going to save the found subdomain in the text format

sublist3r -d -o file.txt
saving the result in sublist3r


This is the best and dedicated tool for gathering subdomain information and just give try to my readers and you will wonder, wait I am drunk while writing the post I guess ????.


Also Read: Gathering information using dns-enum tool

Also Read: Certificate information gathering

Read: Weleakinfo gathering

2 thoughts on “sublist3r: The best tool to gather subdomain info”

Comments are closed.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site


Scroll to Top