Sublist3r and how it works

Hey guys, I want to know about Sublist3r and how it works. Thanks…

Just look it up on YouTube. There are plenty of tutorials. Don't be lazy and make someone have to type an entire booklet.

1 Like

It actually uses every technique to find the subdomains

such as using google dorks

1. site:{domain} -site:www.{domain}
2. site:{domain} -www.{domain}
3. domain:{domain} -www.{domain}

by making requests to different search engines and sites

# Example

# 1. Netcraft
https://searchdns.netcraft.com/?restriction=site+ends+with&host={domain}

# 2. Virustotal
https://www.virustotal.com/ui/domains/{domain}/subdomains

# 3. ThreatCrowd
https://www.threatcrowd.org/searchApi/v2/domain/report/?domain={domain}

# 4. Baidu
https://www.baidu.com/s?pn={page_no}&wd={query}&oq={query}

# 5. Bing
https://www.bing.com/search?q={query}&go=Submit&first={page_no}

# 6. Ask
http://www.ask.com/web?q={query}&page={page_no}&qid=8D6EE6BF52E0C04527E51F64F22C4534&o=0&l=dir&qsrc=998&qo=pagination

# 7. Yahoo
https://search.yahoo.com/search?p={query}&b={page_no}

# 8. Google
https://google.com/search?q={query}&btnG=Search&hl=en-US&biw=&bih=&gbv=1&start={page_no}&filter=0

And then, at last, it just removes the duplicate entries and makes a final list of subdomains.

Also, it has a built-in wordlist which is used to bruteforce the guessable subdomains of the target website.

It is a very simple tool, and as it is an open source project, just explore the tool and learn more.

1 Like
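The final merge and de-duplication step described in the answer above, sketched as an added example for inventorying your own domain's exposed hostnames; it is not part of the original posts and is not Sublist3r's own code. The function names and the sample responses are assumptions constructed for illustration, and nothing here touches the network.

```python
import re

def extract_subdomains(text, domain):
    """Return the set of hostnames in `text` that are real subdomains of `domain`."""
    domain = domain.lower().strip(".")
    label = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    pattern = re.compile(
        r"(?<![A-Za-z0-9-])"              # do not start in the middle of a label
        r"((?:" + label + r"\.)+"         # one or more labels in front of the domain
        + re.escape(domain) + r")"
        r"(?!\.?[A-Za-z0-9-])",           # reject example.com.attacker.test and example.comm
        re.IGNORECASE,
    )
    # Hostnames are case-insensitive, so lower-case before de-duplicating.
    return {m.group(1).lower() for m in pattern.finditer(text)}

def merge_sources(results_by_source, domain):
    """Union the hits from every source, recording which sources reported each host."""
    seen = {}
    for source, text in results_by_source.items():
        for host in extract_subdomains(text, domain):
            seen.setdefault(host, set()).add(source)
    # Sort by reversed labels so hosts under the same parent are grouped together.
    return dict(sorted(seen.items(), key=lambda kv: kv[0].split(".")[::-1]))

# Constructed sample responses (not real search-engine or API output).
SAMPLE = {
    "search_engine": (
        "<cite>https://Mail.example.com/login</cite> "
        "<cite>www.example.com</cite> "
        "<cite>shop.example.com.attacker.test/x</cite>"
    ),
    "passive_dns": (
        '{"subdomains": ["mail.example.com", "dev.api.example.com", '
        '"notexample.com"]}'
    ),
}

if __name__ == "__main__":
    for host, sources in merge_sources(SAMPLE, "example.com").items():
        print(f"{host:25} {', '.join(sorted(sources))}")
```

Keeping the reporting source next to each host makes it easier to judge stale or low-confidence entries before they go into an asset inventory.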