- by x32x01 ||
Discovering sub-domains of a domain is an essential part of pentest reconnaissance. Having unsecured subdomains can lead to serious risk to your business and lately, there were a number of security incidents where the hacker used sub-domains tricks. Thanks to author who committed to develop tool for doing subdomains enumeration.
There are a lot subdomain enumeration tools, such as Sublist3r. Sublist3r written in python. Sublist3r works by enumerate all possible subdomains through search engines, like google, yahoo, bing, etc. Not only using search engine, sublist3r also has bruteforce method, subbrute is integrated with wublist3r to increase possibility of finding more subdomains. Also sublist3r can scan the found subdomains against specific tcp ports.
As you can see, its exported to output file. Now we got a list, we can do anything, for example: using Nmap to scan available open ports and or running services with -iL option to scan entire target on a file.
STEP 1 : Installing Sublist3r and Dependencies
Type commands: Code:
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r
pip install -r requirements.txt #installing dependenciesSTEP 2 : Run Sublist3r
Type command: Code:
python sublist3r --helpSTEP 3 : Enumerate subdomains with output file!
Type command: Code:
python sublist3r.py -d [domain] -o [file location]