-->

Monday, January 6, 2020

Top 2 Tools For Kali Linux Users To Find Subdomains of Websites
It is not that easy to find subdomains of websites by only searching different keywords on Google related to that website.

Google doesn't look at the subdomains as a part of the root domain. Google treats subdomains as different domains.

That is why we can't find subdomains of websites by only searching on Google.

Most websites with large resources create subdomains to organize and categorize their resources to make them user-friendly.

Sometimes we need or we want to know subdomains of some websites. We may get one or two subdomains of our websites by searching on the different search engines, but we will not get them all.

What can we do without doing so much effort?

If you are a Linux user, the list of tools we are going to discuss here might help you. These tools are a new generation and they have a lot of functionality. 

Let's see if these tools are useful or not.

#Tool 1: Subdomain3

Using this tool you can find out subdomains, IP addresses, CDN of the target website. To install it, fire up your Kali Linux machine and download it from Github.

Now, its time to configure to work on Kali Linux.

1. Navigate to the directory where you have downloaded it and expand it.

2. Satisfy the requirements by launching the "requirement.txt" script. Use the command given below.

pip install -r requirement.txt

3. Go to the "subdomain3" folder, create a new folder and name it "result". If you don't create a result folder, you will get the following error.

[Errno2] No such file or directory: result/example.com

4. Now launch the Subdomain3 tool using the commands given below.

python3 brutedns.py -d example.com -s high -l 5
Top 4 Tools For Kali Linux Users To Find Subdomains of Websites

Here we've set the configuration all high but you can customize them according to you. See the usage table to know the options you can use.

Usage

Short form                          Long form                             Description

-d                                        domain                                 example.com
-s                                        speed                                    high, medium, low
-l                                         level                                       2:w.example.com
-f                                         file                                          list of target domains
-c                                        CNAME                                  collect cname, Y or N
-ns                                      default DNS                           Y or N
-f1                                       subfile                                   sub dict
-f2                                        next sub dict                        
-f3                                        other file                      subdomain logs from search engines      

#Tool 2: Turbolist3r

Turbolist3r looks for public DNS information. This tool is used to discover subdomains and perform advanced analysis on them. It is a fork of the sublist3r tool and pretty much the same with the subdomain3 tool.

Download Turbolist3r from Github and navigate to the directory where you've downloaded it and expand it.

Now, install it on Kali Linux.

1. Satisfy the requirements by running the "requirements.txt" file. Use the following command.

pip install -r requirements.txt

2. Launch Turbolist3r using the command given below.

python turbolist3r.py -d example.com -a --saverdns example.txt
Top 4 Tools For Kali Linux Users To Find Subdomains of Websites

3.  View the options you can use by using the command given below.

python turbolist3r.py -h

Here we added some examples for advanced use.

  • To perform advanced analysis on a list of subdomains.
          python turbolist3r.py -d example.com --inputfile subdomains.txt
  • To enumerate subdomains with Bruteforce module enabled.
           python turbolist3r.py -b -d example.com 
  • Set specific search engines to enumerate subdomains.
           python turbolist3r.py -e google, yahoo, Yandex -d example.com

It has many features. We explained only some of them. Explore them yourself!

Conclusion

There are many tools on the Internet that can be used to find and analyze subdomains. We've tested most of them and found these two tools error-free and advanced.

These tools have many advanced features we haven't discussed. But you can explore them and let us know!

What's your opinion about these two tools? did you find them helpful? Let us know in the comment box.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon