This blog is NOT OFFICIAL website of Kali Linux. We just share Tutorials to learn Cybersecurity.

Sublist3r -- Sub-Domain Enumeration Tool


Subdomain discovery is very essential for information gathering during penetration testing on web applications. There are lots of tools available for it. We need to use them and find our subdomains because it is possible to find subdomains with some valuable information or some bugs which may lead our penetration testing or bug hunting process.

In today's article we are going to discuss about how we can find subdomains using sublist3r on our Kali Linux system. Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug bounty hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

Sublist3r -- Sub-Domain Enumeration Tool  on Kali Linux

Subbrute is integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce technology with an improved password list.

Install & Use Sublist3r on Kali Linux

Enough discussion, let's install Sublist3r on our Kali Linux system. Sublist3r comes with Kali Linux repository and we can easily install it by applying following command:

sudo apt install sublist3r

This command will install sublist3r on our system, as we can see in the following screenshot:

installing sublist3r on Kali Linux

After the task is finished, we can use sublist3r on our system. First of all let's check it's help options by using following command:

sublist3r -h

In the following screenshot we can see the options of sublist3r tool.

sublist3r help options

Simply we can put a target domain to find it's subdomains by using -d flag. Lets check for subdomains of Google by using following command:

sublist3r -d

In the following screenshot we can see that sublist3r discovered subdomains of

Checking for Google subdomains

In the above screenshot we can see that we got almost 38k unique subdomains for

If we want to save all the subdomains in a text file then we can use -o flag. Then our command will be like following:

sublist3r -d -o Googlesubdomains.txt

By using above command we can save the subdomains list on a txt file with any name.

We also can search for subdomains of specific domain and show only subdomains which have open ports. We can specify our required open ports by using -p flag.

For an example if we want to check subdomains on domain which have port 80 and 443 is opened and save the output on a file named fbsubdomains.txt then we need to use following command:

sublist3r -d -p 80,443 -o fbsubdomains.txt

We can see in the following screenshot that we have discovered the subdomains of which have port 80 and port 443 opened and we saved the output on a text file.

facebook sublist3r subdomains

This is how we can perform subdomain enumeration using Sublist3r on our Kali Linux system. This is very useful for cybersecurity experts, during the recon process.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group and Whatsapp Channel. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Kali Linux


No comments
Post a Comment