Sublist3r is a subdomain discovery tool that is written in Python that has been designed to enumerate subdomains of websites using data from publicly available sources and brute force techniques. The public sources consist of a wide range of popular search engines such as Google, Yahoo, Bing, Baidu, Ask and also Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS to discover subdomains.
Unfortunately it is not installed on Kali Linux by default so before we can start scanning some hosts we have to install the tool first. Fortunately the installation process is pretty straightforward and should not cause any trouble.
First open a terminal sessions and change the directory to the Desktop as following:
The next step is to run the following command to clone the repository in a new directory:
git clone https://github.com/aboul3la/Sublist3r.git
Change the directory to Sublist3r:
And finally complete the installation by installing the required dependencies with the following command:
pip install -r requirements.txt
As we can see it discovered 403 subdomains from Google, Bing, Yahoo and the other search engines. The found subdomains are then printed to the terminal.
So far we’ve only searched publicly available sources for sub domains for the given domain name. In the next step we will also activate Subbrute which uses a wordlist to brute force subdomains. The following command activates Subbrute with 100 threads:
As we can see Sublister and Subbrute found a total of 843 unique subdomains for the google.com domain.