Sub domain harvesting

Alright so the title says it all. There are many tools which lets you lookup sub domains. here is one called subbrute.


This tool lets you enumerate sub domains, options are simple and very easy to use. you can directly run python package, also Prerequisite is dnspython. install dnspython using following command.


sudo apt-get install python-dnspython


once dnspython installed go ahead and use git clone to pull repo. to use tool its simple as ./ , use it coupled with h option to see options.

Example 1 : ./

Example 2 : ./

Example 3: ./ > savefile.txt [ to save output to file]


once you obtained sub domain ip addresses you will need to use NMAP to find services and ports open and take it from there.


