Xiang Li
文章目录
- 1 信息收集的重要性
- 2 子域名&DNS解析
- 3 子域名探测的作用
- 4 在线收集子域名的工具
- 5 DNSenum
- 5.1 介绍
- 5.2 使用字典进行子域名爆破测试
- 6 sublist3r.py
1 信息收集的重要性
2 子域名&DNS解析
3 子域名探测的作用
4 在线收集子域名的工具
5 DNSenum
5.1 介绍
也可以直接 DNSenum 【目标】
5.2 使用字典进行子域名爆破测试
-f后是你写入的字典 或者默认的字典 最后加上目标即可
6 sublist3r.py
root@kali:~# git clone https://github.com/aboul3la/Sublist3r
正克隆到 'Sublist3r'...
remote: Enumerating objects: 4, done.
remote: Counting objects: 100% (4/4), done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 373 (delta 0), reused 2 (delta 0), pack-reused 369
接收对象中: 100% (373/373), 1.10 MiB | 41.00 KiB/s, 完成.
处理 delta 中: 100% (207/207), 完成.
root@kali:~# ls
Desktop Downloads Pictures Sublist3r Videos
Documents Music Public Templates zkaq.org_ips.txt
root@kali:~# pwd
/root
root@kali:~# cd Sublist3r/
root@kali:~/Sublist3r# ls
LICENSE README.md setup.py sublist3r.py
MANIFEST.in requirements.txt subbrute
root@kali:~/Sublist3r# cat requirements.txt
argparse
dnspython
requests
root@kali:~/Sublist3r# sudo pip install -r requirements.txt
Requirement already satisfied: argparse in /usr/lib/python2.7 (from -r requirements.txt (line 1)) (1.2.1)
Requirement already satisfied: dnspython in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 2)) (1.16.0)
Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 3)) (2.22.0)
root@kali:~/Sublist3r# python sublist3r.py -d aqlab.cn
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for aqlab.cn
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
[-] Total Unique Subdomains Found: 2
kali01.lab.aqlab.cn
shop.aqlab.cn
root@kali:~/Sublist3r# python sublist3r.py -d aqlab.cn -p 80,443
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for aqlab.cn
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
[-] Total Unique Subdomains Found: 2
[-] Start port scan now for the following ports: 80,443
kali01.lab.aqlab.cn - Found open ports: 80, 443
shop.aqlab.cn - Found open ports: 80, 443
root@kali:~# ls
Desktop Downloads Pictures Sublist3r Videos
Documents Music Public Templates zkaq.org_ips.txt
root@kali:~# cd Sublist3r/
root@kali:~/Sublist3r# ls
LICENSE README.md setup.py sublist3r.py
MANIFEST.in requirements.txt subbrute
root@kali:~/Sublist3r# python sublist3r.py -d qq.com
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for qq.com
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
[-] Total Unique Subdomains Found: 199
0.qq.com
021.qq.com
1.qq.com
10.qq.com
100.qq.com
1000.qq.com
pick.101.qq.com
110.qq.com
111.qq.com
1111.qq.com
2020.qq.com
3gimg.qq.com
51.qq.com
520.qq.com
81.qq.com
ac.qq.com
adsgroup.qq.com
adshmct.qq.com
adsqqclick.qq.com
adstextview.qq.com
adsview2.qq.com
analy.qq.com
app.qq.com
appimg.qq.com
aps0040.qq.com
aps0550.qq.com
aq.qq.com
btrace.qq.com
chwl.qq.com
client.qq.com
connect.qq.com
coral.qq.com
ct10000.qq.com
dc.qq.com
dldir1.qq.com
dldir3.qq.com
dlied6.qq.com
docs.qq.com
down.qq.com
down-update.qq.com
dp3.qq.com
e.qq.com
esales.qq.com
ex.qq.com
fodder.qq.com
fs-conn-doctor.qq.com
fs_bt.qq.com
fw.qq.com
gamecredit.qq.com
games.qq.com
gamesafe.qq.com
gas-storage-1.qq.com
graph.qq.com
hudong.qq.com
i.qq.com
id.qq.com
ied-tqosdl.qq.com
imgcache.qq.com
ireader.qq.com
is.qq.com
iwan.qq.com
kf.qq.com
l.qq.com
map.qq.com
masterconn11.qq.com
mb.qq.com
msdk.qq.com
mtrace.qq.com
muse.qq.com
mx0.qq.com
mx3.qq.com
mxbiz1.qq.com
my2010.qq.com
nd.qq.com
news.qq.com
now.qq.com
omgid.qq.com
onedata.qq.com
openmobile.qq.com
pdlxf.qq.com
pick101.qq.com
pingfore.qq.com
pingma.qq.com
pingmid.qq.com
pingtas.qq.com
qb.qq.com
qbquery.qq.com
qm.qq.com
qqlogo.qq.com
qqun.qq.com
sharechain.qq.com
sl.qq.com
smtpbg10.qq.com
smtpbg100.qq.com
smtpbg11.qq.com
smtpbg140.qq.com
smtpbg141.qq.com
smtpbg150.qq.com
smtpbg151.qq.com
smtpbg160.qq.com
smtpbg161.qq.com
smtpbg170.qq.com
smtpbg171.qq.com
smtpbg180.qq.com
smtpbg181.qq.com
smtpbg20.qq.com
smtpbg200.qq.com
smtpbg201.qq.com
smtpbg220.qq.com
smtpbg221.qq.com
smtpbg251.qq.com
smtpbg260.qq.com
smtpbg261.qq.com
smtpbg270.qq.com
smtpbg280.qq.com
smtpbg290.qq.com
smtpbg30.qq.com
smtpbg301.qq.com
smtpbg31.qq.com
smtpbg320.qq.com
smtpbg321.qq.com
smtpbg330.qq.com
smtpbg331.qq.com
smtpbg340.qq.com
smtpbg341.qq.com
smtpbg350.qq.com
smtpbg351.qq.com
smtpbg360.qq.com
smtpbg361.qq.com
smtpbg370.qq.com
smtpbg371.qq.com
smtpbg380.qq.com
smtpbg401.qq.com
smtpbg410.qq.com
smtpbg411.qq.com
smtpbg420.qq.com
smtpbg421.qq.com
smtpbg430.qq.com
smtpbg431.qq.com
smtpbg440.qq.com
smtpbg441.qq.com
smtpbg450.qq.com
smtpbg451.qq.com
smtpbg460.qq.com
smtpbg461.qq.com
smtpbg470.qq.com
smtpbg471.qq.com
smtpbg480.qq.com
smtpbg501.qq.com
smtpbg510.qq.com
smtpbg511.qq.com
smtpbg520.qq.com
smtpbg550.qq.com
smtpbg551.qq.com
smtpbg560.qq.com
smtpbg561.qq.com
smtpbg570.qq.com
smtpbg571.qq.com
smtpbg590.qq.com
smtpbg600.qq.com
smtpbg601.qq.com
smtpbg701.qq.com
smtpproxy10.qq.com
smtpproxy11.qq.com
smtpproxy20.qq.com
smtpproxy21.qq.com
smtpproxy30.qq.com
smtpproxy31.qq.com
stun-a1.qq.com
support.qq.com
syzs.qq.com
t.qq.com
tajs.qq.com
tcc.qq.com
tcss.qq.com
tdc.qq.com
tmapp.qq.com
tongba.qq.com
tpns.qq.com
u0.qq.com
upload_data.qq.com
v.qq.com
vip.qq.com
vmp.qq.com
walk.qq.com
weixin110.qq.com
wifi.qq.com
win.qq.com
wp.qq.com
wpa.qq.com
wspeed.qq.com
wtlogin1.qq.com
wuxia.qq.com
wx.qq.com
x10.qq.com
xw.qq.com
ysdk.qq.com
yybcoupon.qq.com
zc.qq.com
root@kali:~/Sublist3r#
root@kali:~/Sublist3r# python sublist3r.py -d qq.com -o qq.txt
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for qq.com
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
HTTPSConnectionPool(host='dnsdumpster.com', port=443): Read timed out. (read timeout=25)
Process DNSdumpster-8:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
self.run()
File "sublist3r.py", line 269, in run
domain_list = self.enumerate()
File "sublist3r.py", line 648, in enumerate
self.extract_domains(post_resp)
File "sublist3r.py", line 660, in extract_domains
results_tbl = tbl_regex.findall(resp)[0]
TypeError: expected string or buffer
[-] Saving results to file: qq.txt
[-] Total Unique Subdomains Found: 100
3gimg.qq.com
ac.qq.com
adsgroup.qq.com
adshmct.qq.com
adsqqclick.qq.com
adstextview.qq.com
adsview2.qq.com
analy.qq.com
app.qq.com
appimg.qq.com
aq.qq.com
btrace.qq.com
chwl.qq.com
client.qq.com
connect.qq.com
coral.qq.com
dc.qq.com
dldir1.qq.com
dldir3.qq.com
dlied6.qq.com
docs.qq.com
down.qq.com
down-update.qq.com
dp3.qq.com
e.qq.com
esales.qq.com
ex.qq.com
fodder.qq.com
fs-conn-doctor.qq.com
fs_bt.qq.com
fw.qq.com
gamecredit.qq.com
games.qq.com
gamesafe.qq.com
graph.qq.com
hudong.qq.com
i.qq.com
id.qq.com
ied-tqosdl.qq.com
imgcache.qq.com
ireader.qq.com
is.qq.com
iwan.qq.com
kf.qq.com
l.qq.com
map.qq.com
masterconn11.qq.com
mb.qq.com
msdk.qq.com
mtrace.qq.com
muse.qq.com
mx3.qq.com
mxbiz1.qq.com
nd.qq.com
news.qq.com
now.qq.com
omgid.qq.com
onedata.qq.com
openmobile.qq.com
pdlxf.qq.com
pingfore.qq.com
pingma.qq.com
pingmid.qq.com
pingtas.qq.com
qb.qq.com
qbquery.qq.com
qm.qq.com
qqlogo.qq.com
qqun.qq.com
sharechain.qq.com
sl.qq.com
stun-a1.qq.com
support.qq.com
syzs.qq.com
t.qq.com
tajs.qq.com
tcc.qq.com
tcss.qq.com
tdc.qq.com
tmapp.qq.com
tongba.qq.com
tpns.qq.com
upload_data.qq.com
v.qq.com
vip.qq.com
vmp.qq.com
walk.qq.com
weixin110.qq.com
wifi.qq.com
win.qq.com
wp.qq.com
wpa.qq.com
wspeed.qq.com
wtlogin1.qq.com
wuxia.qq.com
wx.qq.com
xw.qq.com
ysdk.qq.com
yybcoupon.qq.com
zc.qq.com
root@kali:~/Sublist3r#
root@kali:~/Sublist3r# cat qq.txt
3gimg.qq.com
ac.qq.com
adsgroup.qq.com
adshmct.qq.com
adsqqclick.qq.com
adstextview.qq.com
adsview2.qq.com
analy.qq.com
app.qq.com
appimg.qq.com
aq.qq.com
btrace.qq.com
chwl.qq.com
client.qq.com
connect.qq.com
coral.qq.com
dc.qq.com
dldir1.qq.com
dldir3.qq.com
dlied6.qq.com
docs.qq.com
down.qq.com
down-update.qq.com
dp3.qq.com
e.qq.com
esales.qq.com
ex.qq.com
fodder.qq.com
fs-conn-doctor.qq.com
fs_bt.qq.com
fw.qq.com
gamecredit.qq.com
games.qq.com
gamesafe.qq.com
graph.qq.com
hudong.qq.com
i.qq.com
id.qq.com
ied-tqosdl.qq.com
imgcache.qq.com
ireader.qq.com
is.qq.com
iwan.qq.com
kf.qq.com
l.qq.com
map.qq.com
masterconn11.qq.com
mb.qq.com
msdk.qq.com
mtrace.qq.com
muse.qq.com
mx3.qq.com
mxbiz1.qq.com
nd.qq.com
news.qq.com
now.qq.com
omgid.qq.com
onedata.qq.com
openmobile.qq.com
pdlxf.qq.com
pingfore.qq.com
pingma.qq.com
pingmid.qq.com
pingtas.qq.com
qb.qq.com
qbquery.qq.com
qm.qq.com
qqlogo.qq.com
qqun.qq.com
sharechain.qq.com
sl.qq.com
stun-a1.qq.com
support.qq.com
syzs.qq.com
t.qq.com
tajs.qq.com
tcc.qq.com
tcss.qq.com
tdc.qq.com
tmapp.qq.com
tongba.qq.com
tpns.qq.com
upload_data.qq.com
v.qq.com
vip.qq.com
vmp.qq.com
walk.qq.com
weixin110.qq.com
wifi.qq.com
win.qq.com
wp.qq.com
wpa.qq.com
wspeed.qq.com
wtlogin1.qq.com
wuxia.qq.com
wx.qq.com
xw.qq.com
ysdk.qq.com
yybcoupon.qq.com
zc.qq.com
root@kali:~/Sublist3r#