← 返回命令列表

Linux command

sublist3r 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Enumerate subdomains

sublist3r -d [example.com]

Save to file

sublist3r -d [example.com] -o [subdomains.txt]

Use specific engines

sublist3r -d [example.com] -e [google,bing,virustotal]

Set threads

sublist3r -d [example.com] -t [10]

Enable bruteforce

sublist3r -d [example.com] -b

Verbose output

sublist3r -d [example.com] -v

Show ports

sublist3r -d [example.com] -p [80,443]

说明

sublist3r is an OSINT reconnaissance tool that discovers subdomains of a target domain by querying multiple search engines and data sources. It aggregates results from Google, Bing, Yahoo, Baidu, Ask, Netcraft, VirusTotal, and other sources to build a comprehensive list of subdomains. Beyond passive search engine enumeration, sublist3r can perform active DNS bruteforce using common subdomain wordlists. It also includes port scanning capabilities to identify which discovered subdomains have live services running on specified ports, helping prioritize targets during security assessments. The tool is designed for authorized penetration testing and bug bounty reconnaissance. Multi-threading support allows faster enumeration, and results can be saved to files for further processing by other security tools.

参数

-d, --domain _DOMAIN_
Target domain.
-o, --output _FILE_
Output file.
-e, --engines _LIST_
Search engines.
-b, --bruteforce
Enable bruteforce.
-t, --threads _N_
Thread count.
-p, --ports _PORTS_
Scan ports.
-v, --verbose
Verbose output.

FAQ

What is the sublist3r command used for?

sublist3r is an OSINT reconnaissance tool that discovers subdomains of a target domain by querying multiple search engines and data sources. It aggregates results from Google, Bing, Yahoo, Baidu, Ask, Netcraft, VirusTotal, and other sources to build a comprehensive list of subdomains. Beyond passive search engine enumeration, sublist3r can perform active DNS bruteforce using common subdomain wordlists. It also includes port scanning capabilities to identify which discovered subdomains have live services running on specified ports, helping prioritize targets during security assessments. The tool is designed for authorized penetration testing and bug bounty reconnaissance. Multi-threading support allows faster enumeration, and results can be saved to files for further processing by other security tools.

How do I run a basic sublist3r example?

Run `sublist3r -d [example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -d, --domain _DOMAIN_ do in sublist3r?

Target domain.