Subdomain enumeration is a critical step in the reconnaissance phase of bug bounty hunting. It involves identifying all the subdomains associated with a target domain. This process helps in uncovering additional attack surfaces that could be exploited.
How to Perform Subdomain Enumeration Using Sublist3r in Kali Linux
Step 1: Install Sublist3r
Sublist3r is a popular tool for subdomain enumeration. To install it on Kali Linux, follow these steps:
- Open your terminal.
- Clone the Sublist3r repository from GitHub:
git clone https://github.com/aboul3la/Sublist3r.git
- Navigate to the Sublist3r directory:
cd Sublist3r
- Install the required dependencies:
sudo pip install -r requirements.txt
Step 2: Enumerate Subdomains
Once Sublist3r is installed, you can start enumerating subdomains for your target domain.
- In the terminal, run Sublist3r with the following command:
python sublist3r.py -d example.com
Example: Enumerating Subdomains for example.com
Let’s say you want to enumerate subdomains for example.com. The command would look like this:
python sublist3r.py -d example.com
Explanation of the Command:
python sublist3r.py: Executes the Sublist3r script.-d example.com: Specifies the target domain (example.com) for which you want to find subdomains.
Output:
Sublist3r will start querying various sources and will output a list of discovered subdomains for example.com.
Additional Options:
Sublist3r has several options that can be used to customize the enumeration process:
-b: Enable the use of the Bing search engine.-e: Specify which search engines to use (e.g.,-e Bing,Yahoo,Google).-o: Output the results to a file (e.g.,-o subdomains.txt).
For instance, to save the output to a file, you can use:
python sublist3r.py -d example.com -o subdomains.txt
Conclusion:
Subdomain enumeration is a fundamental technique in bug bounty hunting, and tools like Sublist3r make the process efficient and straightforward. By identifying subdomains, you can discover additional points of entry and increase your chances of finding vulnerabilities.