子域名搜集

上一篇说到了基于字典爆破的子域名搜集,这一篇讲一下基于搜索的子域名搜集。

由于有些网站的子域名非常独特,字典上是没有的。

Sublist3r

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
git clone https://github.com/Plazmaz/Sublist3r.git /opt/Sublist3r
cd /opt/Sublist3r
pip install -r requirements.txt
python sublist3r.py -d yahoo.com -t 50 -p 80,443,21,22
运行报了一个错
Traceback (most recent call last):
  File "sublist3r.py", line 78, in <module>
    takeover_check=takeover_check, engines=engines)
  File "sublist3r.py", line 59, in main
    return scanner.scan()
  File "/opt/Sublist3r/subscann3r.py", line 87, in scan
    e.run()
  File "/opt/Sublist3r/engines/engine.py", line 39, in run
    domain_list = self.enumerate()
  File "/opt/Sublist3r/engines/engine.py", line 418, in enumerate
    token = self.get_csrftoken(resp)
  File "/opt/Sublist3r/engines/engine.py", line 413, in get_csrftoken
    token = csrf_regex.findall(resp)[0]
IndexError: list index out of range

于是使用

1
2
3
git clone https://github.com/aboul3la/Sublist3r /opt/sublist3r
cd /opt/sublist3r
python sublist3r.py -d google.com

22

subbrute

1
2
3
4
git clone https://github.com/Plazmaz/Sublist3r.git /opt/Sublist3r
cd /opt/Sublist3r/subbrute
chmod +x subbrute.py
./subbrute.py google.com

wydomain

1
2
3
4
5
6
7
8
9
git clone https://github.com/ring04h/wydomain /opt/wydomain
cd /opt/wydomain
pip install -r requirements.txt

python wydomain.py -h
python wydomain.py -d google.com -o out.txt

搜索结果是1022个子域名。
cat /opt/wydomain/out.txt

23