Subdomain-bruteforcer
SubBrute is a community-driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting (https://www.us-cert.gov/ncas/alerts/TA13-088A). This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target’s name servers.
More information
names.txt contains 101,010 subdomains. subs_small.txt was stolen from fierce2 which contains 1896 subdomains. If you find more subdomains to add, open a bug report or pull request and I’ll be happy to add them.
No install required for Windows, just cd into the ‘windows’ folder:
subbrute.exe google.com
Easy to install: You just need http://www.dnspython.org/ and python2.7 or python3. This tool should work under any operating system: BSD, osx, windows, Linux.
(On a side note giving a makefile root always bothers me, it would be a great way to install a backdoor…)
Under Ubuntu/Debian all you need is:
sudo apt-get install python-dnspython
On other operating systems you may have to install DNS python manually:
http://www.dnspython.org/
How to install and use subbrute tool
Step 1: Clone the package
git clone https://github.com/TheRook/subbrute.git
Step 2: Change the directory
cd subbrute
Step 3: Run the subbrute tool
./subbrute.py ( Website name)
Easy to use
./subbrute.py google.com
Tests multiple domains:
./subbrute.py google.com gmail.com blogger.com
or a newline delimited list of domains:
./subbrute.py -t list.txt
Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):
./subbrute.py gmail.com > gmail.out
./subbrute.py -t gmail.out
Post a Comment