Using sublist3r (with examples)
Sublist3r is a powerful tool for quickly enumerating subdomains of a given domain. It can be used by penetration testers to gather information about the target domain and potentially identify vulnerabilities or misconfigurations. In this article, we will explore different use cases of the Sublist3r command with code examples to illustrate their usage.
Use Case 1: Find subdomains for a domain
The first use case involves finding subdomains for a specific domain. This can be accomplished by running the following command:
sublist3r --domain domain_name
Here, domain_name
should be replaced with the target domain you want to enumerate. The motivation behind this use case is to gather information about the target domain and discover any potentially unknown subdomains that may exist. This can help in identifying attack vectors or misconfigured subdomains that could be exploited.
An example output of this command could be:
[+] subdomain1.domain.com
[+] subdomain2.domain.com
[+] subdomain3.domain.com
Use Case 2: Find subdomains using brute force search
The second use case involves enabling brute force search while finding subdomains. This can be done by adding the --bruteforce
flag to the previous command:
sublist3r --domain domain_name --bruteforce
Enabling brute force search can help in discovering additional subdomains that may not be publicly accessible or properly indexed. The motivation behind this use case is to exhaustively search for subdomains by trying various combinations of common subdomain names and popular services.
An example output of this command could be:
[+] subdomain1.domain.com
[+] subdomain2.domain.com
[+] subdomain3.domain.com
[+] mail.domain.com
[+] dev.domain.com
Use Case 3: Save subdomains to a text file
The third use case involves saving the found subdomains to a text file. This can be useful for further analysis or sharing the results with other team members. To accomplish this, simply add the --output
flag followed by the desired path and filename:
sublist3r --domain domain_name --output path/to/output_file
The motivation behind this use case is to have a structured and easily shareable list of subdomains for further investigation or documentation. The saved text file can be parsed or imported into other tools, making it a valuable asset for penetration testing or bug bounty programs.
An example output of this command could be:
Subdomains saved to: path/to/output_file
Use Case 4: Output all available options
The final use case involves obtaining information about all available options and flags supported by the Sublist3r command. This can be achieved by running the following command:
sublist3r --help
This command will provide a comprehensive list of command-line options, their explanations, and usage examples. The motivation behind this use case is to familiarize oneself with the available features and customization options offered by Sublist3r, enabling penetration testers to optimize their subdomain enumeration process.
An example output of this command could be:
[-] Usage: sublist3r [-h] [-d DOMAIN] [-o OUTPUT] [-b]
... (more detailed output) ...
By exploring these different use cases, you can leverage the power and flexibility of Sublist3r to efficiently enumerate subdomains and gather valuable information about your target domain.