In this post, you will learn what Sublist3r is and how it works, and by the time you finish you will be a pro at using the tool.
What is sublist3r
Sublist3r is a tool used to gather the subdomains of a particular target from all possible sources. In many places I have said this is the best tool to gather subdomain information, and it is the best tool for subdomain results.
Who developed the sublist3r tool?
The tool was developed by this guy from Egypt, and he seems to be a stick man even in real life. He also wrote the mass scan tool, which we often talk about on our YouTube channel.
Finally, to download the Sublist3r tool, just enter the command below. I mailed him to ask why he chose such a weird name, and I will show the mail reply I get from the author of the tool.
sudo apt-get install sublist3r
What can the Sublist3r tool do?
- brute force
- TCP port scan only
- Specific search engine search
- Finally the subdomain search
Useful sublist3r commands
-h, --help – show this help message and exit
-d DOMAIN – Domain name to enumerate its subdomains
-b – Enable the subbrute bruteforce module
-p PORTS – Scan the found subdomains against specified TCP ports
-v [VERBOSE] – Enable Verbosity and display results in realtime
-t THREADS – Number of threads to use for subbrute Bruteforce
-e ENGINES – Specify a comma-separated list of search engines
-o OUTPUT – Save the results to a text file
How to use the tool
Example 1: Standard scan
Let’s find the subdomains of a target
sublist3r -d techyrick.com
Example 2: Brute force
For example 2, let's find the subdomains and also brute-force possible subdomain names with the subbrute module
sublist3r -d techyrick.com -b
In example 3, let's see how to increase the speed and also add verbosity to the task
sublist3r -d techyrick.com -b -v -t 10
Example 4: Save output
In the final example, we are going to save the found subdomains to a text file
sublist3r -d techyrick.com -o file.txt
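To put the saved file to defensive use, the added example below (not part of the original post and not Sublist3r's own code) compares the subdomains in file.txt with an inventory of hosts you already track and returns the ones nobody has on record. It assumes the -o file holds one hostname per line; the function names, the inventory and the sample data are constructed for illustration.

```python
import re

# One DNS label: 1-63 chars of a-z, 0-9, "_" or "-", not starting or ending with "-".
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")


def normalize(line):
    """Return a clean lowercase hostname from one line, or None if unusable."""
    host = line.strip().lower().rstrip(".")
    if host.startswith("*."):  # wildcard entry: keep the parent name
        host = host[2:]
    if not host or len(host) > 253:
        return None
    if not all(_LABEL.match(label) for label in host.split(".")):
        return None
    return host


def unknown_subdomains(result_lines, inventory, domain):
    """In-scope hosts from the scan output that the inventory does not list."""
    domain = domain.lower().rstrip(".")
    known = {normalize(h) for h in inventory}
    found = set()
    for line in result_lines:
        host = normalize(line)
        # Suffix check on a label boundary, so "notexample.com" is rejected.
        if host and (host == domain or host.endswith("." + domain)):
            found.add(host)
    return sorted(found - known)


# Constructed sample standing in for the contents of file.txt.
SAMPLE_RESULTS = """\
www.example.com
WWW.example.com
mail.example.com.
*.dev.example.com
staging.example.com
notexample.com
example.com.other.test
bad host.example.com
""".splitlines()

# Constructed inventory of hosts the owner already tracks.
SAMPLE_INVENTORY = ["www.example.com", "mail.example.com"]

if __name__ == "__main__":
    for host in unknown_subdomains(SAMPLE_RESULTS, SAMPLE_INVENTORY, "example.com"):
        print(host)
```

Run against the constructed sample, it prints dev.example.com and staging.example.com, the two in-scope hosts missing from the inventory.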
This is the best dedicated tool for gathering subdomain information, so give it a try, my readers, and you will wonder. Wait, I am drunk while writing the post, I guess.