Sublist3r – Subdomain Finder for Penetration Testing


One aspect of the information-gathering stage of penetration testing is to expand the attack surface of the target. Thus, we use Sublist3r, a subdomain finder. It is a simple and easy-to-use python programme that can be used to find subdomains of a target.

How to use Sublist3r

The example shown is executed on a Kali Linux machine. You can install it by following the documentation on their GitHub page. After installing sublit3r, make sure to navigate to the location of the sublilt3r python file.

To run sublist3r, use the command format:

python3 -d <domain>

Here you can see Sublit3r using multiple search engines like Baidu, Yahoo and Google to search for the target’s subdomains. At the bottom, we can see that 3 subdomains were found on

Here is an overview of the sublist3r help menu:

Issues you may face

You may encounter an error when you first try to run the program which prevents you from running the scan.

To fix this problem, you will have to edit the file. Simply replace the value of the “User-Agent” value that is in the “self.headers” variable with the user agent of your browser. You can find the user agent of your browser by searching “my user agent” on google.

From GitHub issue:


Sublit3r is a subdomain finder, that is used to expand the attack surface of a target by finding subdomains. We have only covered the basics of this tool but there are still many options, like brute forcing and specifying ports. So I recommend you explore these options to help optimize your search.

Related articles

5 Popular Open Source Tools for Reconnaissance

Wappalyzer – Website Technology Identifier for Pentesting

DNSrecon – DNS reconnaissance for Penetration Testing 

theHarvester – Email Harvesting & Social Engineering

Ffuf – URL Directory Finder/Fuzzer

Leave a Reply

Your email address will not be published. Required fields are marked *