|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Sublist3r.py: Enumerating Subdomains" |
| 4 | +--- |
| 5 | + |
| 6 | +Tried. https://github.com/aboul3la/Sublist3r |
| 7 | + |
| 8 | +```bash |
| 9 | +% python sublist3r.py -d google.com |
| 10 | +🚀 **Proxy Settings Detected:** |
| 11 | + - HTTP_PROXY: http://127.0.0.1:7890 |
| 12 | + - HTTPS_PROXY: http://127.0.0.1:7890 |
| 13 | + |
| 14 | + |
| 15 | + ____ _ _ _ _ _____ |
| 16 | + / ___| _ _| |__ | (_)___| |_|___ / _ __ |
| 17 | + \___ \| | | | '_ \| | / __| __| |_ \| '__| |
| 18 | + ___) | |_| | |_) | | \__ \ |_ ___) | | |
| 19 | + |____/ \__,_|_.__/|_|_|___/\__|____/|_| |
| 20 | + |
| 21 | + # Coded By Ahmed Aboul-Ela - @aboul3la |
| 22 | + |
| 23 | +[-] Enumerating subdomains now for google.com |
| 24 | +[-] Searching now in Baidu.. |
| 25 | +[-] Searching now in Yahoo.. |
| 26 | +[-] Searching now in Google.. |
| 27 | +[-] Searching now in Bing.. |
| 28 | +[-] Searching now in Ask.. |
| 29 | +[-] Searching now in Netcraft.. |
| 30 | +[-] Searching now in DNSdumpster.. |
| 31 | +[-] Searching now in Virustotal.. |
| 32 | +[-] Searching now in ThreatCrowd.. |
| 33 | +[-] Searching now in SSL Certificates.. |
| 34 | +[-] Searching now in PassiveDNS.. |
| 35 | +Process DNSdumpster-8: |
| 36 | +Traceback (most recent call last): |
| 37 | + File "/Users/lzwjava/anaconda3/lib/python3.10/multiprocessing/process.py", line 314, in _bootstrap |
| 38 | + self.run() |
| 39 | + File "/Users/lzwjava/projects/Sublist3r/sublist3r.py", line 268, in run |
| 40 | + domain_list = self.enumerate() |
| 41 | + File "/Users/lzwjava/projects/Sublist3r/sublist3r.py", line 647, in enumerate |
| 42 | + token = self.get_csrftoken(resp) |
| 43 | + File "/Users/lzwjava/projects/Sublist3r/sublist3r.py", line 641, in get_csrftoken |
| 44 | + token = csrf_regex.findall(resp)[0] |
| 45 | +IndexError: list index out of range |
| 46 | +[!] Error: Virustotal probably now is blocking our requests |
| 47 | +[-] Total Unique Subdomains Found: 97 |
| 48 | +www.google.com |
| 49 | +accounts.google.com |
| 50 | +freezone.accounts.google.com |
| 51 | +adwords.google.com |
| 52 | +qa.adz.google.com |
| 53 | +answers.google.com |
| 54 | +apps-secure-data-connector.google.com |
| 55 | +audioads.google.com |
| 56 | +checkout.google.com |
| 57 | +mtv-da-1.ad.corp.google.com |
| 58 | +ads-compare.eem.corp.google.com |
| 59 | +da.ext.corp.google.com |
| 60 | +m.guts.corp.google.com |
| 61 | +m.gutsdev.corp.google.com |
| 62 | +login.corp.google.com |
| 63 | +mtv-da.corp.google.com |
| 64 | +mygeist.corp.google.com |
| 65 | +mygeist2010.corp.google.com |
| 66 | +proxyconfig.corp.google.com |
| 67 | +reseed.corp.google.com |
| 68 | +twdsalesgsa.twd.corp.google.com |
| 69 | +uberproxy.corp.google.com |
| 70 | +uberproxy-nocert.corp.google.com |
| 71 | +uberproxy-san.corp.google.com |
| 72 | +ext.google.com |
| 73 | +cag.ext.google.com |
| 74 | +cod.ext.google.com |
| 75 | +da.ext.google.com |
| 76 | +eggroll.ext.google.com |
| 77 | +fra-da.ext.google.com |
| 78 | +glass.ext.google.com |
| 79 | +glass-eur.ext.google.com |
| 80 | +glass-mtv.ext.google.com |
| 81 | +glass-twd.ext.google.com |
| 82 | +hot-da.ext.google.com |
| 83 | +hyd-da.ext.google.com |
| 84 | +ice.ext.google.com |
| 85 | +meeting.ext.google.com |
| 86 | +mtv-da.ext.google.com |
| 87 | +soaproxyprod01.ext.google.com |
| 88 | +soaproxytest01.ext.google.com |
| 89 | +spdy-proxy.ext.google.com |
| 90 | +spdy-proxy-debug.ext.google.com |
| 91 | +twd-da.ext.google.com |
| 92 | +flexpack.google.com |
| 93 | +www.flexpack.google.com |
| 94 | +accounts.flexpack.google.com |
| 95 | +gaiastaging.flexpack.google.com |
| 96 | +mail.flexpack.google.com |
| 97 | +plus.flexpack.google.com |
| 98 | +search.flexpack.google.com |
| 99 | +freezone.google.com |
| 100 | +www.freezone.google.com |
| 101 | +accounts.freezone.google.com |
| 102 | +gaiastaging.freezone.google.com |
| 103 | +mail.freezone.google.com |
| 104 | +news.freezone.google.com |
| 105 | +plus.freezone.google.com |
| 106 | +search.freezone.google.com |
| 107 | +gmail.google.com |
| 108 | +hosted-id.google.com |
| 109 | +jmt0.google.com |
| 110 | +aspmx.l.google.com |
| 111 | +alt1.aspmx.l.google.com |
| 112 | +alt2.aspmx.l.google.com |
| 113 | +alt3.aspmx.l.google.com |
| 114 | +alt4.aspmx.l.google.com |
| 115 | +gmail-smtp-in.l.google.com |
| 116 | +alt1.gmail-smtp-in.l.google.com |
| 117 | +alt2.gmail-smtp-in.l.google.com |
| 118 | +alt3.gmail-smtp-in.l.google.com |
| 119 | +alt4.gmail-smtp-in.l.google.com |
| 120 | +gmr-smtp-in.l.google.com |
| 121 | +alt1.gmr-smtp-in.l.google.com |
| 122 | +alt2.gmr-smtp-in.l.google.com |
| 123 | +alt3.gmr-smtp-in.l.google.com |
| 124 | +alt4.gmr-smtp-in.l.google.com |
| 125 | +vp.video.l.google.com |
| 126 | +m.google.com |
| 127 | +freezone.m.google.com |
| 128 | +mail.google.com |
| 129 | +freezone.mail.google.com |
| 130 | +misc.google.com |
| 131 | +misc-sni.google.com |
| 132 | +mtalk.google.com |
| 133 | +mx.google.com |
| 134 | +ics.prod.google.com |
| 135 | +sandbox.google.com |
| 136 | +cert-test.sandbox.google.com |
| 137 | +ecc-test.sandbox.google.com |
| 138 | +services.google.com |
| 139 | +talk.google.com |
| 140 | +upload.google.com |
| 141 | +dg.video.google.com |
| 142 | +upload.video.google.com |
| 143 | +wifi.google.com |
| 144 | +onex.wifi.google.com |
| 145 | +``` |
| 146 | + |
| 147 | +## Turbolist3r |
| 148 | + |
| 149 | +[Turbolist3r on GitHub](https://github.com/fleetcaptain/Turbolist3r) |
| 150 | + |
| 151 | +Based on [Sublist3r](https://github.com/aboul3la/Sublist3r) by Ahmed Aboul-Ela - @aboul3la |
| 152 | +Forked by Carl Pearson - [GitHub](https://github.com/fleetcaptain) |
| 153 | + |
| 154 | +```bash |
| 155 | +python turbolist3r.py -d google.com |
| 156 | +``` |
| 157 | + |
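Review bot: The transcript in the first code fence reads as a complete result, but two of the eleven sources contributed nothing: the DNSdumpster worker died with `IndexError: list index out of range` inside `get_csrftoken` (post lines 35-45), and the VirusTotal module reported that its requests are being blocked (post line 46). The post should say so right after the fence, for example `Note: DNSdumpster crashed and VirusTotal blocked the requests, so the 97 names come from the remaining sources only and are not a complete inventory.` The traceback suggests the CSRF-token regex no longer matches the page DNSdumpster returns, but the tool's source is not part of this commit, so that is only an inference. The pasted output also publishes local paths (`/Users/lzwjava/...`) and the local proxy address; consider trimming those lines before publishing.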