How To Use Sublist3r

Hey! Welcome to leetngo, the new InfoSec blog, it’s great to have you πŸ™‚
in these series we will be covering some useful tools any InfoSec guy should at least know about.

How to use the Sublist3r

Hi InfoSec enthusists! As you all know information gathering is a essential to know better your target, its activities…This step will make you save a lot of time while doing your penetration testing, vulnerabilty assessment or even just spying :p ( Don’t do that πŸ˜€ ). In this little guide, we are going to explore a tool that I found very useful in my first pentesting mission, it’s called Sublist3r.

So as we already said knowing the target is very important. By knowing the target we mean collecting as much informations as possible.

Sublist3r will help you enumerating subdomains for a given domain:
– using many search engines such as Google, Bing, Netcraft, ThreatCrowd, DNSdumpster, and many others.
– using a brute force technique by implementing a well known subdomains bruteforcer Subbrute

Let’s start our tutorial from installation to usage.
PS: For this tutorial We will be using Kali Linux.

First, we need to download our tool from this github repo. Thank you for this amazing tool Ahmed Aboul-Ela. You can do this either by downloading a zip version, decompress it. Or, ‘my prefered way’, cloning it directly from github:

# git clone https://github.com/aboul3la/Sublist3r

PS: As you can see, Sublist3r is writen in python, so of course you will need a python installation.

After your download goes successful, install all required python packages. You can do it either by opening requirements.txt and try to install every package seperatly by issuing this command:

# pip install <Package-Name>

Or installing all the dependencies with the same command:

# pip install -r requirements.txt

Now that our tool’s dependencies are satisfied, we can begin its usage.
First let’s explore our tool options ( it is a very good reflex, knowing your tool ). Here are some flags we’ll be using:

Flag Description
-d/–domain Domain name
-v/–verbose Enable the verbose mode and display results in realtime
-h/–help show the help message and exit

You can always type:

# ./sublist3r -h

and get the full help containing all possible options.

For the purpose of our tutorial ( which is fully educational, huh! yes we mean that we are not responsible of any misuse ) we will be using scanme.nmap.org domain ( We love nmap :’D and will be covering you in a very cool tutorial :p )

afterwards, we type the command below in our terminal:

# ./sublist3r -d scanme.nmap.org

… and we got 3 subdomains:

  • ascanme.nmap.org
  • nmap-v-ascanme.nmap.org
  • www.ascanme.nmap.org

It will be very helpful if we enable the verbose option:

# ./sublist3r -v -d nmap.org

It will show you the engines being queried:

Now that we have covered the first method, we will talk about the second method ( subdomains bruteforce ) in a seperate tutorial because it uses a very good tool subbrute.

But here is the command to bruteforce subdomains:

# ./sublist3r -b -d nmap.org

PS: The name list used for bruteforce is located in the subbrute directory of your too. It points to it directly, so no need to specify it explicitly.

Meet you in the next tutorial πŸ˜€

Links:

  • https://github.com/aboul3la/Sublist3r
  • https://github.com/aboul3la/Sublist3r/tree/master/subbrute

18 thoughts on “How To Use Sublist3r”

  1. Have you ever thought about creating an e-book or guest authoring on other blogs?

    I have a blog based upon on the same information you discuss and would really
    like to have you share some stories/information. I know my
    visitors would value your work. If you are even remotely interested, feel
    free to shoot me an email.

  2. Cool blog! Is your theme custom made or did you download it from somewhere?

    A design like yours with a few simple adjustements would really
    make my blog shine. Please let me know where you got your design.
    Thanks

  3. Definitely imagine that which yoou stated. Your favorite reason seemed to bee on the net the easiest factor to
    tzke note of. I say to you, I certainly get annoyed while people consider issues that thesy just do
    not recognize about. You managed to hit the nail upon the highesst as neaty as outlined out the
    enttire thing without havging side effect , people could take
    a signal. Will likely be agaion to geet more.
    Thanks

  4. I loved as much as you will receive carried out right here.
    The sketch is tasteful, your authored subject matter stylish.
    nonetheless, you command get bought an impatience over that you wish be delivering the following.
    unwell unquestionably come further formerly again as exactly the same nearly a lot often inside case
    you shield this increase.

  5. Hi there! Quick question that’s completely off topic.
    Do you know how to make your site mobile friendly? My site looks weird when browsing from my apple iphone.
    I’m trying to find a template or plugin that might be able
    to fix this problem. If you have any recommendations,
    please share. Cheers!

  6. Hmm is anyone else encountering problems with the images on this blog loading?

    I’m trying to find out if its a problem on my end or
    if it’s the blog. Any responses would be greatly appreciated.

  7. Hiya very nice web site!! Guy .. Excellent .. Superb ..
    I’ll bookmark your web site and take the feeds also?
    I’m satisfied to search out a lot of helpful information here in the publish,
    we need work out extra strategies onn this regard, thank you for sharing.
    . . . . .

  8. Appreciating the dedication you put into your website and detailed information you provide.
    It’s good to come across a blog every once in a while
    that isn’t the same old rehashed information. Fantastic
    read! I’ve saved your site and I’m adding your RSS feeds to my Google account.

  9. Heya i’m for the first time here. I found this board and I in finding It really helpful & it helped
    me out a lot. I am hoping to give something
    back and aid others like you helped me.

Leave a Reply

Your email address will not be published. Required fields are marked *