___________ __________ _____ ________ ________ .____ ___________ \_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/ | __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_ | \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \ \___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ / \/ \/ \/ \/ \/ \/ \/

sublist3r Cheatsheet

← Back to cheatsheets

← Home

Sublist3r is a Python tool designed to enumerate subdomains using search engines like Google, Yahoo, Bing, Baidu, and Ask. It also uses Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

Basic Usage

  • sublist3r -d <domain> - Basic subdomain enumeration
  • python sublist3r.py -d <domain> - Run directly with Python

Options

  • -d, --domain - Domain to enumerate
  • -b, --bruteforce - Enable brute force module
  • -p, --ports - Scan for open ports (comma separated)
  • -v, --verbose - Enable verbose output
  • -t, --threads - Number of threads (default 30)
  • -e, --engines - Specify search engines (comma separated)
  • -o, --output - Save results to file
  • -h, --help - Show help message

Search Engines

Available engines for -e option:

  • google
  • yahoo
  • bing
  • baidu
  • ask
  • netcraft
  • dnsdumpster
  • virustotal
  • threatcrowd
  • ssl
  • passivedns

Common Examples

Basic Enumeration

sublist3r -d example.com

Find subdomains using all sources.

Save to File

sublist3r -d example.com -o subdomains.txt

Save discovered subdomains to file.

Verbose with Threads

sublist3r -d example.com -v -t 50

Verbose output with 50 threads.

Specific Engines

sublist3r -d example.com -e google,bing,virustotal

Use only specific search engines.

With Port Scanning

sublist3r -d example.com -p 80,443,8080

Enumerate and scan for open ports.

Brute Force

sublist3r -d example.com -b

Enable brute force subdomain guessing.

Full Scan

sublist3r -d example.com -b -p 80,443 -v -o results.txt

Comprehensive scan with all features.

Installation

# Clone the repository
git clone https://github.com/aboul3la/Sublist3r.git

# Install requirements
cd Sublist3r
pip install -r requirements.txt

# Run
python sublist3r.py -d example.com

Tips

  • Use multiple engines for comprehensive coverage
  • Some engines may block you - rotate sources if needed
  • Combine with other tools like amass and subfinder
  • Use -v to see real-time progress
  • Port scanning adds time but reveals more info
  • Brute force can find subdomains not indexed by search engines
  • Results can be piped to other tools for further analysis
  • Always get authorization before scanning targets you don't own

← Back to cheatsheets

← Home