Subfinder
Subfinder is considered a successor to sublist3r. It is amazingly fast and finds valid subdomains using passive online sources such as Ask, Archive.is, Baidu, Bing, Censys, CertDB, CertSpotter, Commoncrawl, CrtSH, DnsDB and so on.
- Install subfinder. It needs Go to be installed first, which we can do by using the following command:
apt install golang
The following screenshot shows the output of the preceding command:
- Next, we clone subfinder by using the following command:
git clone https://github.com/subfinder/subfinder.git
The following screenshot shows the output of the preceding command:
Or you can download and save it from https://github.com/subfinder/subfinder.
- To install subfinder, we go to the cloned directory and run the go build command.
- Once the installation is complete, we will need a wordlist for it to run, so we can download dnspop's list. This list can be used in the previous recipe too: https://github.com/bitquark/dnspop/tree/master/results.
- Now that both are set up, we browse into subfinder's directory and run it using the ./subfinder -h command.
The following screenshot shows the output of the preceding command:
- To run it against a domain with our wordlist, we use the following command:
./subfinder -w /path/to/wordlist -d hostname.com
If we do not specify a wordlist, the tool will run with a default wordlist, as shown in the following screenshot:
Once the enumeration is complete, the output will be shown onscreen as follows:
- Subfinder is also designed to work with services such as Shodan, Censys, and VirusTotal, but they need to be configured in the config.json file shown here:
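Separately from the configuration step, once enumeration has finished, the discovered names are usually reconciled against the organization's asset inventory to spot hosts nobody is tracking. The script below is an added example, not from the original text or the subfinder project; it assumes the results were saved to a text file with one hostname per line, and the function names, file names, and example.com data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag enumerated subdomains that are missing from an inventory.
# Assumption: both input files hold one hostname per line.

# normalize FILE DOMAIN
# Lowercase, strip CRs, whitespace, a trailing dot and a leading "*.",
# keep only names equal to or under DOMAIN, then sort and de-duplicate.
normalize() {
  tr '[:upper:]' '[:lower:]' < "$1" | tr -d '\r' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/\.$//' -e 's/^\*\.//' |
    awk -v d="$2" 'BEGIN { suf = "." d }
      $0 == d { print; next }
      length($0) > length(suf) &&
        substr($0, length($0) - length(suf) + 1) == suf { print }' |
    LC_ALL=C sort -u
}

# unmanaged FOUND INVENTORY DOMAIN
# Print in-scope names present in FOUND but absent from INVENTORY.
unmanaged() {
  tmp=$(mktemp -d) || return 1
  normalize "$1" "$3" > "$tmp/found"
  normalize "$2" "$3" > "$tmp/known"
  LC_ALL=C comm -23 "$tmp/found" "$tmp/known"
  rm -rf "$tmp"
}

# demo: run the comparison on constructed sample data.
demo() {
  dir=$(mktemp -d) || return 1
  # Constructed enumeration output: mixed case, trailing dot, wildcard,
  # a duplicate, and two out-of-scope names that must be dropped.
  printf '%s\n' www.example.com VPN.example.com. '*.dev.example.com' \
    staging.example.com www.example.com notexample.com cdn.example.net \
    > "$dir/found.txt"
  # Constructed inventory of hosts the organization already tracks.
  printf '%s\n' www.example.com vpn.example.com > "$dir/inventory.txt"
  unmanaged "$dir/found.txt" "$dir/inventory.txt" example.com
  rm -rf "$dir"
}

demo
```

Names that appear in the output are candidates for review: either the inventory is incomplete or the host is unmanaged.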