Subbrute

Next we will install subbrute. It is amazingly fast and provides an extra layer of anonymity as it uses public resolvers to brute force the subdomains:

  1. The command here is again simple:
        git clone https://github.com/TheRook/subbrute.git

The following screenshot shows the preceding command:

  1. Or you can download and save it from https://github.com/TheRook/subbrute.
  2. Once the installation is complete we will need a wordlist for it to run for which we can download dnspop's list. This list can be used in the previous recipe too: https://github.com/bitquark/dnspop/tree/master/results.
  3. Once both are set up we browse into the subbrute's directory and run it using the following command:
        ./subbrute.py
  1. To run it against a domain with our wordlist we use the following command:
        ./subbrute.py -s /path/to/wordlist hostname.com
上一章目录下一章