Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IP address query and comma-delimited output file #136

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 19 additions & 8 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,10 @@
## About Sublist3r
## About this Fork

This fork differs from the original Sublist3r project in the following ways:
* Includes Bogka IP lookups for subdomains discovered
* Output to a file in Comma-delimited format that can be ingested by many other tools

## About Sublist3r

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

Expand Down Expand Up @@ -88,7 +94,7 @@ sudo apt-get install python-argparse
- Install for Centos/Redhat:
```
sudo yum install python-argparse
```
```

- Install using pip:
```
Expand All @@ -111,7 +117,8 @@ Short Form | Long Form | Description
-t | --threads | Number of threads to use for subbrute bruteforce
-e | --engines | Specify a comma-separated list of search engines
-o | --output | Save the results to text file
-h | --help | show the help message and exit
-h | --help | Show the help message and exit
-i | --findip | Find IP address of each subdomain

### Examples

Expand All @@ -123,10 +130,14 @@ Short Form | Long Form | Description

``python sublist3r.py -d example.com``

* To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :
* To enumerate subdomains of specific domain and check for ports 80 and 443:

``python sublist3r.py -d example.com -p 80,443``

* To enumerate subdomains and enable IP address resolution:

``python sublist3r.py -v -i -d example.com``

* To enumerate subdomains of specific domain and show the results in realtime:

``python sublist3r.py -v -d example.com``
Expand All @@ -145,7 +156,7 @@ Short Form | Long Form | Description
**Example**

```python
import sublist3r
import sublist3r
subdomains = sublist3r.main(domain, no_threads, savefile, ports, silent, verbose, enable_bruteforce, engines)
```
The main function will return a set of unique subdomains found by Sublist3r
Expand All @@ -161,7 +172,7 @@ The main function will return a set of unique subdomains found by Sublist3r

Example to enumerate subdomains of Yahoo.com:
```python
import sublist3r
import sublist3r
subdomains = sublist3r.main('yahoo.com', 40, 'yahoo_subdomains.txt', ports= None, silent=False, verbose= False, enable_bruteforce= False, engines=None)
```

Expand All @@ -172,8 +183,8 @@ Sublist3r is licensed under the GNU GPL license. take a look at the [LICENSE](ht

## Credits

* [TheRook](https://github.com/TheRook) - The bruteforce module was based on his script **subbrute**.
* [Bitquark](https://github.com/bitquark) - The Subbrute's wordlist was based on his research **dnspop**.
* [TheRook](https://github.com/TheRook) - The bruteforce module was based on his script **subbrute**.
* [Bitquark](https://github.com/bitquark) - The Subbrute's wordlist was based on his research **dnspop**.

## Thanks

Expand Down
Loading