OSINT Tools: Sublist3r
3 min readWhat is Sublist3r?
Sublist3r is an information-gathering tool specifically designed for subdomain enumeration. Developed in Python, it leverages various sources and techniques to efficiently find subdomains associated with a given domain. Sublist3r is widely used by security professionals, penetration testers, and bug bounty hunters to expand their attack surface and identify potential security vulnerabilities.
Installation
Sublist3r is a Python-based tool and can be easily installed using pip. Here are the installation steps:
Prerequisites
Ensure that you have Python and pip installed on your system. Most Linux distributions come with Python preinstalled, but you can install pip if it’s not already available.
Installation Steps
- Open a terminal window.
- Install Sublist3r using
pip:bash
pip install sublist3r
This command will download and install the Sublist3r package and its dependencies.
Verify the installation by running:
bash
sublist3r -hYou should see the help menu, which confirms that Sublist3r is successfully installed.
Using Sublist3r
Sublist3r is easy to use and provides several options to customize your subdomain enumeration process. Here’s how to get started:
Basic Usage
To perform a basic subdomain enumeration, simply run Sublist3r with the target domain as an argument:
bash
sublist3r -d example.com
Sublist3r will start querying various data sources and DNS records to discover subdomains associated with the target domain. The results will be displayed in your terminal.
Enumerate Subdomains with Output
You can save the results to a file using the -o flag:
bash
sublist3r -d example.com -o output.txt
This will create a text file (output.txt) containing the discovered subdomains.
Using Multiple Search Engines
Sublist3r supports multiple search engines to gather subdomain information. You can specify which search engines to use with the -e flag:
bash
sublist3r -d example.com -e google,bing,yahoo
This command will instruct Sublist3r to use Google, Bing, and Yahoo search engines for subdomain enumeration.
Verbose Mode
To get more detailed information about the enumeration process, you can enable verbose mode using the -v flag:
bash
sublist3r -d example.com -v
Verbose mode will display additional information during the enumeration process.
Specify a Custom Wordlist
You can use a custom wordlist to improve the accuracy of subdomain discovery. Use the -b flag to specify a wordlist file:
bash
sublist3r -d example.com -b custom_wordlist.txt
Replace custom_wordlist.txt with the path to your custom wordlist file.
Output Format
Sublist3r provides various output formats, including text, CSV, and JSON. Use the -o flag followed by the desired output format:
bash
sublist3r -d example.com -o json -o output.json
This command will save the results in JSON format to a file named output.json.
Conclusion
Sublist3r is a versatile and efficient subdomain enumeration tool that simplifies the process of discovering subdomains associated with a target domain. Whether you’re a cybersecurity professional, penetration tester, or bug bounty hunter, integrating Sublist3r into your toolkit can significantly enhance your reconnaissance capabilities.
Remember to use Sublist3r responsibly and within the boundaries of applicable laws and regulations. With its flexibility and ease of use, Sublist3r is a valuable addition to your cybersecurity toolbox for information gathering and reconnaissance tasks.
To explore more advanced features and options, you can refer to the official Sublist3r GitHub repository: Sublist3r GitHub Repository.
