Download

Cheat sheet

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.


## know how oscp tool
## know how tool
## know how fuzzing

To list all the basic options and switches use -h switch:
python sublist3r.py -h

To enumerate subdomains of specific domain:
python sublist3r.py -d example.com

To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :
python sublist3r.py -d example.com -p 80,443

To enumerate subdomains of specific domain and show the results in realtime:
python sublist3r.py -v -d example.com

To enumerate subdomains and enable the bruteforce module:
python sublist3r.py -b -d example.com

To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines
python sublist3r.py -e google,yahoo,virustotal -d example.com

Installation
git clone https://github.com/aboul3la/Sublist3r.git
Recommended Python Version:
Sublist3r currently supports Python 2 and Python 3.

The recommended version for Python 2 is 2.7.x
The recommened version for Python 3 is 3.4.x
Dependencies:
Sublist3r depends on the requests, dnspython, and argparse python modules.

These dependencies can be installed using the requirements file:

Installation on Windows:
c:\python27\python.exe -m pip install -r requirements.txt
Installation on Linux
sudo pip install -r requirements.txt
Alternatively, each module can be installed independently as shown below.

Requests Module (http://docs.python-requests.org/en/latest/)
Install for Windows:
c:\python27\python.exe -m pip install requests
Install for Ubuntu/Debian:
sudo apt-get install python-requests
Install for Centos/Redhat:
sudo yum install python-requests
Install using pip on Linux:
sudo pip install requests
dnspython Module (http://www.dnspython.org/)
Install for Windows:
c:\python27\python.exe -m pip install dnspython
Install for Ubuntu/Debian:
sudo apt-get install python-dnspython
Install using pip:
sudo pip install dnspython
argparse Module
Install for Ubuntu/Debian:
sudo apt-get install python-argparse
Install for Centos/Redhat:
sudo yum install python-argparse
Install using pip:
sudo pip install argparse
for coloring in windows install the following libraries

c:\python27\python.exe -m pip install win_unicode_console colorama
Usage
Short Form  Long Form   Description
-d  –domain Domain name to enumerate subdomains of
-b  –bruteforce Enable the subbrute bruteforce module
-p  –ports  Scan the found subdomains against specific tcp ports
-v  –verbose    Enable the verbose mode and display results in realtime
-t  –threads    Number of threads to use for subbrute bruteforce
-e  –engines    Specify a comma-separated list of search engines
-o  –output Save the results to text file
-h  –help   show the help message and exit

Using Sublist3r as a module in your python scripts
Example

import sublist3r 
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)
The main function will return a set of unique subdomains found by Sublist3r

Function Usage:

domain: The domain you want to enumerate subdomains of.
savefile: save the output into text file.
ports: specify a comma-sperated list of the tcp ports to scan.
silent: set sublist3r to work in silent mode during the execution (helpful when you don’t need a lot of noise).
verbose: display the found subdomains in real time.
enable_bruteforce: enable the bruteforce module.
engines: (Optional) to choose specific engines.
Example to enumerate subdomains of Yahoo.com:

import sublist3r 
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None)