Code Monkey home page Code Monkey logo

subbrute's Introduction

subdomain-bruteforcer v1.0

This is a (fast) multi-threaded python tool for enumerating subdomains. This tool also contains a large list of real subdomains that you will find in the wild. Basically I was fed up with fierce / fierce2, and every other tool I used so I wrote something way faster in python. This tool will "just work", and work well. By default this tool performs subdomain enumeration about 8 times faster than Fierce, and can chew through 31k lookups in about 5 minutes on a home cable connection.

Why is this tool so fast?

Other multi-threaded subdomain enumeration tools that I have seen are bottlenecked by using a single resolver. In SubBrute, each thread is given its own slice of the resolvers list (resolvers.txt) so that a single resolver isn't overwhelmed. The subdomain list (subs.txt) is sorted by frequency, so this tool will return the most common domains quickly.

Using some creative google hacks I put together a disorganized list of well over a million domain names, I then used a regex to rip out the subdomains and then sorted them by frequency. You can also use this data-mangling feature by using using this simple command: python subroute.py -f full.html > my_subs.txt

I used this feature to create subs.txt which contains 31291 subdomains. subs_small.txt was stolen from fierce2 which contains 1896 subdomains. If you find more subdomains to add, open a bug report and I'll be happy to add them!

Easy to install: You just need http://www.dnspython.org/ and python2.7 or python3. This tool should work under any operating system: bsd, osx, windows, linux...

(On a side note giving a makefile root always bothers me, it would be a great way to install a backdoor...)

Under Ubuntu/Debian all you need is:

sudo apt-get install python-dnspython

On other operating systems you may have to install dnspython manually:

http://www.dnspython.org/

Easy to use:

./subbrute.py google.com

Tests multiple domains: ./subbrute.py google.com gmail.com blogger.com

or a newline delimited list of domains: ./subbrute.py -t list.txt

Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):

./subbrute.py gmail.com > gmail.out

./subbrute.py -t gmail.out

Cheers!

subbrute's People

Contributors

therook avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.