December 6, 2023

OSINT Tools: Sublist3r

3 min read

What is Sublist3r?

Sublist3r is an information-gathering tool specifically designed for subdomain enumeration. Developed in Python, it leverages various sources and techniques to efficiently find subdomains associated with a given domain. Sublist3r is widely used by security professionals, penetration testers, and bug bounty hunters to expand their attack surface and identify potential security vulnerabilities.


Sublist3r is a Python-based tool and can be easily installed using pip. Here are the installation steps:


Ensure that you have Python and pip installed on your system. Most Linux distributions come with Python preinstalled, but you can install pip if it’s not already available.

Installation Steps

  1. Open a terminal window.
  2. Install Sublist3r using pip:bash

pip install sublist3r

This command will download and install the Sublist3r package and its dependencies.

Verify the installation by running:


  1. sublist3r -h You should see the help menu, which confirms that Sublist3r is successfully installed.

Using Sublist3r

Sublist3r is easy to use and provides several options to customize your subdomain enumeration process. Here’s how to get started:

Basic Usage

To perform a basic subdomain enumeration, simply run Sublist3r with the target domain as an argument:


sublist3r -d

Sublist3r will start querying various data sources and DNS records to discover subdomains associated with the target domain. The results will be displayed in your terminal.

Enumerate Subdomains with Output

You can save the results to a file using the -o flag:


sublist3r -d -o output.txt

This will create a text file (output.txt) containing the discovered subdomains.

Using Multiple Search Engines

Sublist3r supports multiple search engines to gather subdomain information. You can specify which search engines to use with the -e flag:


sublist3r -d -e google,bing,yahoo

This command will instruct Sublist3r to use Google, Bing, and Yahoo search engines for subdomain enumeration.

Verbose Mode

To get more detailed information about the enumeration process, you can enable verbose mode using the -v flag:


sublist3r -d -v

Verbose mode will display additional information during the enumeration process.

Specify a Custom Wordlist

You can use a custom wordlist to improve the accuracy of subdomain discovery. Use the -b flag to specify a wordlist file:


sublist3r -d -b custom_wordlist.txt

Replace custom_wordlist.txt with the path to your custom wordlist file.

Output Format

Sublist3r provides various output formats, including text, CSV, and JSON. Use the -o flag followed by the desired output format:


sublist3r -d -o json -o output.json

This command will save the results in JSON format to a file named output.json.


Sublist3r is a versatile and efficient subdomain enumeration tool that simplifies the process of discovering subdomains associated with a target domain. Whether you’re a cybersecurity professional, penetration tester, or bug bounty hunter, integrating Sublist3r into your toolkit can significantly enhance your reconnaissance capabilities.

Remember to use Sublist3r responsibly and within the boundaries of applicable laws and regulations. With its flexibility and ease of use, Sublist3r is a valuable addition to your cybersecurity toolbox for information gathering and reconnaissance tasks.

To explore more advanced features and options, you can refer to the official Sublist3r GitHub repository: Sublist3r GitHub Repository.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

Discover more from

Subscribe now to keep reading and get access to the full archive.

Continue Reading