Sublist3r & SubBrute

Sublist3r & SubBrute #1
Hello all,

Heads up: best read the US-CERT, just so that if something goes wrong, you don't get into trouble.
These posts are intended for training and quality purposes only. I don't condone any member from SL performing such acts.

For testing purposes: Performing acts on cyberspacekittens.com is okay.

This thread is about subdomains and using scripts to find them accurately and quickly.

Sublist3r:
As sites get spidered, files with links get analyzed, and scraped public resources become available, which means we can use search engines to do the hard work for us.
Do note that a tool like this uses different "google dork" style search queries that can look like a bot. This could temporarily get you blacklisted and require you to fill out a captcha with every request, which may limit the results found.

Here is the link: Github.com

SubBrute:
SubBrute is a community-driven project with the goal of creating the fastest and most accurate subdomain enumeration tool.
Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting (us-cert).

Here is the link: Github.com
(This post was last modified: 07-17-2018, 02:14 PM by Mimiakira.)
Twitter // Mimi // Mimi#1000
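
Because SubBrute spreads its lookups across open resolvers, a per-source rate limit on the authoritative server sees only a few queries from each address. The detection sketch below is an added example, not part of the original post or of either tool; it counts distinct NXDOMAIN names per zone and time window instead, and the log format, the zone `example.com`, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict

def parse(line):
    """Parse one 'epoch client qname rcode' line (constructed log format)."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), rcode

def detect_enumeration(lines, zone, window=60, min_unique_nx=25, min_ratio=0.8):
    """Flag windows where the zone as a whole answers NXDOMAIN for many
    distinct names, regardless of which client address asked."""
    buckets = defaultdict(lambda: {"total": 0, "nx": set(),
                                   "per_client": defaultdict(int)})
    for line in lines:
        ts, client, qname, rcode = parse(line)
        if not qname.endswith("." + zone):
            continue
        b = buckets[ts - ts % window]          # fixed, aligned time window
        b["total"] += 1
        if rcode == "NXDOMAIN":
            b["nx"].add(qname)
            b["per_client"][client] += 1
    alerts = []
    for start, b in sorted(buckets.items()):
        unique_nx = len(b["nx"])
        # Ratio of distinct failed names to all queries in the window.
        if unique_nx >= min_unique_nx and unique_nx / b["total"] >= min_ratio:
            alerts.append({"window_start": start, "unique_nx": unique_nx,
                           "clients": len(b["per_client"]),
                           # What a per-source rate limit would have seen:
                           "max_per_client": max(b["per_client"].values())})
    return alerts

def sample_log():
    """Constructed sample: 40 guessed names spread over 20 resolver
    addresses (2 each) with normal traffic, then a quiet window with a typo."""
    lines = [f"{1200 + i} 198.51.100.{i % 20 + 1} guess{i}.example.com NXDOMAIN"
             for i in range(40)]
    lines += [f"{1205 + i} 203.0.113.{i + 1} www.example.com NOERROR" for i in range(5)]
    lines += [f"{1300 + i} 203.0.113.{i + 1} www.example.com NOERROR" for i in range(5)]
    lines.append("1303 203.0.113.9 wwww.example.com NXDOMAIN")
    return lines

if __name__ == "__main__":
    for alert in detect_enumeration(sample_log(), "example.com"):
        print(alert)
```

In the sample, no single address sends more than two failing queries, yet the zone-wide view flags the window; the second window, with one mistyped name, stays quiet.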

RE: Sublist3r & SubBrute #2
(07-21-2018, 12:39 AM)MLT Wrote: A good thing to do after performing recon w/ subdomain enumeration tools and determining which ones are running webservers is to then use a tool such as EyeWitness to take a snapshot of each subdomain in order to quickly determine which of those subdomains are likely to host vulnerable webapps - this will save you a lot of time and can be especially useful if you're doing a pentest in a fast-paced environment (for example a new bug bounty program that just launched where you'd be competing against others in order to make those first reports)

e.g. pipe output from sublist3r/subbrute and/or other tools to something like nmap to determine which hosts are live and running webservers then to eyewitness in order to quickly see what content exists on those servers. It's also useful to check for subdomain takeovers while you're at it, my friend wrote a nice tool for this

Thanks for sharing your thoughts and tools. I'll be posting more on sub-domains if I can find more that are actually useful.
Twitter // Mimi // Mimi#1000

RE: Sublist3r & SubBrute #3
Both awesome tools. If you want to learn more about subdomain enumeration, read these articles covering tools, tricks and methods:

Subdomain enumeration
The Art of Subdomain Enumeration


RE: Sublist3r & SubBrute #4
Missed this thread completely.

I will need to dedicate a bit of time to look into this.
Appreciated.

RE: Sublist3r & SubBrute #5
(08-10-2018, 12:03 PM)mothered Wrote: Missed this thread completely.

I will need to dedicate a bit of time to look into this.
Appreciated.

You totally should. Highly recommend them.
Twitter // Mimi // Mimi#1000