Sublist3r 是一种渗透工具,属于信息收集工具类别,能够收集我们将扫描的主域的所有子域。此软件包包含旨在使用 OSINT 枚举网站子域的 Python 工具。这将有助于渗透测试人员和错误猎人收集他们目标域的子域。Sublist3r使用许多搜索引擎(如Google,Yahoo,Bing,Baidu和Ask)计算子域。Sublist3r 还使用 Netcraft、Virustotal、ThreatCrowd、DNSdumpster 和 ReverseDNS 枚举子域。
Subbrute与Sublist3r集成,以增加使用蛮力找到更多子域的可能性,并改进了单词列表,这要归功于Subbrute的作者TheRook。
使用 Sublist3r 的示例
root@kali:~# sublist3r -d kali.org -t 3 -e bing
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for kali.org
[-] Searching now in Bing..
[-] Total Unique Subdomains Found: 19
www.kali.org
archive-3.kali.org
archive-4.kali.org
archive-5.kali.org
bugs.kali.org
cdimage.kali.org
docs.kali.org
ar.docs.kali.org
he.docs.kali.org
id.docs.kali.org
tr.docs.kali.org
forums.kali.org
git.kali.org
http.kali.org
images.kali.org
pkg.kali.org
repo.kali.org
security.kali.org
tools.kali.org
Sublist3r 使用指南
root@kali:~# sublist3r -h
usage: sublist3r.py [-h] -d DOMAIN [-b [BRUTEFORCE]] [-p PORTS] [-v [VERBOSE]]
[-t THREADS] [-e ENGINES] [-o OUTPUT] [-n]
OPTIONS:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
Domain name to enumerate it's subdomains
-b [BRUTEFORCE], --bruteforce [BRUTEFORCE]
Enable the subbrute bruteforce module
-p PORTS, --ports PORTS
Scan the found subdomains against specified tcp ports
-v [VERBOSE], --verbose [VERBOSE]
Enable Verbosity and display results in realtime
-t THREADS, --threads THREADS
Number of threads to use for subbrute bruteforce
-e ENGINES, --engines ENGINES
Specify a comma-separated list of search engines
-o OUTPUT, --output OUTPUT
Save the results to text file
-n, --no-color Output without color
Example: python3 /usr/lib/python3/dist-packages/sublist3r.py -d google.com
如何安装工具Sublist3r
如果您是Linux用户,尤其是Kali Linux(滚动)安装方法非常简单易行,您只需键入以下命令即可。
sudo apt-get install sublist3r