One aspect of the information-gathering stage of penetration testing is to expand the attack surface of the target. Thus, we use Sublist3r, a subdomain finder. It is a simple and easy-to-use python programme that can be used to find subdomains of a target.
How to use Sublist3r
The example shown is executed on a Kali Linux machine. You can install it by following the documentation on their GitHub page. After installing sublit3r, make sure to navigate to the location of the sublilt3r python file.
To run sublist3r, use the command format:
python3 sublit3r.py -d <domain>
Here you can see Sublit3r using multiple search engines like Baidu, Yahoo and Google to search for the target’s subdomains. At the bottom, we can see that 3 subdomains were found on tastyfix.com.
Here is an overview of the sublist3r help menu:
Issues you may face
You may encounter an error when you first try to run the program which prevents you from running the scan.
To fix this problem, you will have to edit the sublit3r.py file. Simply replace the value of the “User-Agent” value that is in the “self.headers” variable with the user agent of your browser. You can find the user agent of your browser by searching “my user agent” on google.
From GitHub issue: https://github.com/aboul3la/Sublist3r/issues/336#issuecomment-1290722481
Sublit3r is a subdomain finder, that is used to expand the attack surface of a target by finding subdomains. We have only covered the basics of this tool but there are still many options, like brute forcing and specifying ports. So I recommend you explore these options to help optimize your search.