Sub domain harvesting

Alright, so the title says it all. There are many tools that let you look up subdomains. Here is one called subbrute.

https://github.com/TheRook/subbrute

This tool lets you enumerate subdomains; its options are simple and easy to use. You can run the Python script directly. The only prerequisite is dnspython, which you can install with the following command.

sudo apt-get install python-dnspython

Once dnspython is installed, use git clone to pull the repo. Using the tool is as simple as running ./subbrute.py; run it with the -h option to see the available options.

Example 1: ./subbrute.py example.com

Example 2: ./subbrute.py example1.com example2.com

Example 3: ./subbrute.py example.com > savefile.txt [to save the output to a file]

Once you have obtained the subdomain IP addresses, you will need to use Nmap to find open ports and services, and take it from there.
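
Seen from a DNS server's query log, wordlist enumeration like the runs above shows up as a source asking for many distinct names under one zone and mostly getting NXDOMAIN back. The following is an added example, not part of subbrute or of the original post; the log line format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def parse(line):
    """Split one '<epoch> <client> <qname> <rcode>' line (assumed log format)."""
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.rstrip(".").lower(), rcode.upper()

def find_enumeration(lines, zone, window=60, min_names=10, min_nx_ratio=0.7):
    """Return {client: (distinct_names, nx_ratio)} for clients that, inside one
    fixed window of `window` seconds, ask for many distinct names under `zone`
    and get mostly NXDOMAIN. Fixed windows can split a burst across two buckets."""
    suffix = "." + zone.lower()
    buckets = defaultdict(lambda: {"names": set(), "total": 0, "nx": 0})
    for line in lines:
        ts, client, qname, rcode = parse(line)
        if not qname.endswith(suffix):
            continue  # other zones and the zone apex are ignored
        b = buckets[(client, ts // window)]
        b["names"].add(qname)
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
    flagged = {}
    for (client, _), b in buckets.items():
        ratio = b["nx"] / b["total"]
        if len(b["names"]) >= min_names and ratio >= min_nx_ratio:
            # Keep the busiest window seen for each client.
            best = (len(b["names"]), round(ratio, 2))
            flagged[client] = max(flagged.get(client, (0, 0.0)), best)
    return flagged

# Constructed sample data (documentation addresses, not real traffic).
WORDS = ["www", "mail", "ftp", "dev", "test", "vpn", "admin", "api",
         "staging", "portal", "git", "backup"]
EXISTING = {"www", "mail", "api"}  # names that resolve in this made-up zone
SAMPLE = [f"{1700000000 + i} 198.51.100.7 {w}.example.com "
          f"{'NOERROR' if w in EXISTING else 'NXDOMAIN'}"
          for i, w in enumerate(WORDS)]
SAMPLE += ["1700000003 192.0.2.10 www.example.com NOERROR",
           "1700000020 192.0.2.10 mail.example.com NOERROR",
           "1700000041 192.0.2.10 typo.example.com NXDOMAIN"]

if __name__ == "__main__":
    for client, (names, ratio) in find_enumeration(SAMPLE, "example.com").items():
        print(f"{client}: {names} distinct names, {ratio:.0%} NXDOMAIN")
```

Enumeration spread across many resolvers will not trip a per-client threshold; counting distinct NXDOMAIN names per zone instead of per client is the variation to use there.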
