Sublist3r - Fast subdomains enumeration tool for penetration testers

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.
subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.


Short FormLong FormDescription
-d--domainDomain name to enumerate subdomains of
-b--bruteforceEnable the subbrute bruteforce module
-p--portsScan the found subdomains against specific tcp ports
-v--verboseEnable the verbose mode and display results in realtime
-t--threadsNumber of threads to use for subbrute bruteforce
-e--enginesSpecify a comma-separated list of search engines
-o--outputSave the results to text file
-h--helpshow the help message and exit


  • To list all the basic options and switches use -h switch:
python -h
  • To enumerate subdomains of specific domain:
python -d
  • To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :
python -d -p 80,443
  • To enumerate subdomains of specific domain and show the results in realtime:
python -v -d
  • To enumerate subdomains and enable the bruteforce module:
python -b -d
  • To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines
python -e google,yahoo,virustotal -d

No comments

Note: Only a member of this blog may post a comment.

Powered by Blogger.