Sublist3r is a Python tool designed to enumerate subdomains of websites using . It helps penetration testers and bug hunters collect and for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.
This very nice tool is hosted on GitHub, though when I last checked there were some complaints about it failing with some of its engines mentioned above.
How to set up Sublist3r
git clone https://github.com/aboul3la/Sublist3r.git
Then, in the directory where you cloned the repository, run:
python3 setup.py install
After that you can run it like any other Linux command:
sublist3r -d nmmapper.com
Dnscan is a Python wordlist-based DNS subdomain scanner. The script will first try to perform a zone transfer using each of the target domain's nameservers. If this fails, it will look up TXT and MX records for the domain, and then perform a recursive subdomain scan using the supplied wordlist.
The tool is wordlist based, which means it will use its internal wordlist to check whether a subdomain truly exists. Some of the wordlists it contains include
How to install and use Anubis
sudo apt-get install python3-pip python-dev libssl-dev libffi-dev
When it comes to installing Anubis, you have over two powerful choices to choose from.
To install with pip3 you will do something like this:
pip3 install anubis-netsec
To install with snap:
snap install anubis
That's all you need to install Anubis, which is pretty easy compared with the others. After the installation you can use it like this:
anubis -t nmmapper.com
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.
Techniques used by Amass
DNS: Basic enumeration, Brute forcing (optional)...
Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Exalead, Google...
Install Amass
To install Amass you must have snap installed on your system:
sudo snap install amass
Add the Snap bin directory to your PATH:
export PATH=$PATH:/snap/bin
amass enum -d nmmapper.com
This Nmap script attempts to enumerate DNS hostnames by brute-force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records.
nmap --script dns-brute
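Seen from the authoritative DNS server, the scans described above (dnscan's zone-transfer attempt followed by its wordlist scan, and Nmap's dns-brute) show up as one client asking for many different names that mostly do not exist. The Python below is an added example, not code from any of these tools, that flags that pattern in a query log. The log layout, the function name find_scanners and the thresholds are assumptions made for the example, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample log; the "time client qname qtype rcode" layout is an
# assumption for this example, not the format of any particular DNS server.
SAMPLE_LOG = """\
10:00:01 198.51.100.7 example.com AXFR REFUSED
10:00:02 198.51.100.7 example.com TXT NOERROR
10:00:02 198.51.100.7 example.com MX NOERROR
10:00:03 198.51.100.7 admin.example.com A NXDOMAIN
10:00:03 198.51.100.7 dev.example.com A NXDOMAIN
10:00:03 198.51.100.7 mail.example.com A NOERROR
10:00:04 198.51.100.7 vpn.example.com A NXDOMAIN
10:00:04 198.51.100.7 test.example.com A NXDOMAIN
10:00:04 198.51.100.7 stage.example.com A NXDOMAIN
10:00:05 203.0.113.20 www.example.com A NOERROR
10:00:06 203.0.113.20 mail.example.com A NOERROR
10:00:09 203.0.113.20 wwww.example.com A NXDOMAIN
"""


def find_scanners(log_text, zone, min_names=5, min_nx_ratio=0.5):
    """Return {client: finding} for clients whose queries look like a wordlist scan of `zone`."""
    suffix = "." + zone.lower().rstrip(".")
    names = defaultdict(set)      # client -> distinct subdomains queried
    misses = defaultdict(set)     # client -> distinct subdomains answered NXDOMAIN
    axfr = set()                  # clients that requested a zone transfer of `zone`
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines
        _, client, qname, qtype, rcode = parts
        qname = qname.lower().rstrip(".")
        if qtype.upper() == "AXFR" and "." + qname == suffix:
            axfr.add(client)
        elif qname.endswith(suffix):   # subdomains only; apex TXT/MX lookups are not counted
            names[client].add(qname)
            if rcode.upper() == "NXDOMAIN":
                misses[client].add(qname)
    findings = {}
    for client, seen in names.items():
        ratio = len(misses[client]) / len(seen)
        if len(seen) >= min_names and ratio >= min_nx_ratio:
            findings[client] = {"names": len(seen), "nx_ratio": round(ratio, 2),
                                "axfr_attempt": client in axfr}
    return findings


if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG, "example.com"))
```

On real traffic the thresholds need tuning per zone and per time window, since a busy recursive resolver can legitimately query many names.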
Lepus is a utility for identifying and collecting subdomains for a given domain. Subdomain discovery is a crucial part of the reconnaissance phase. It uses four (4) modes:
Services (Collecting subdomains from the below services)
Dictionary mode for identifying domains (optional)
Permutations on discovered subdomains (optional)
Reverse DNS lookups on identified public IPs (optional)
Features of Lepus
Findomain: the fastest and cross-platform subdomain enumerator, don't waste your time. Its cross-platform support makes it ideal for all users, no matter the platform.
Features of Findomain
Subdomains monitoring: put data to Discord, Slack or Telegram webhooks
Multi-thread support for API querying
Parallel support for subdomains resolution
Specific IPv4 or IPv6 query support.
Discover subdomains without brute-force
Discover only resolved subdomains