Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/0x4f53/subblaster

lightspeed subdomain bruteforcing
https://github.com/0x4f53/subblaster

blackhat bruteforcing dns ejpt ejpt-cheatsheet ejpt-notes golang kali-linux oscp oscp-tools osint recon recon-tools reconnaissance subdomain-bruteforcing subdomain-enumeration subdomain-finder

Last synced: 2 months ago
JSON representation

lightspeed subdomain bruteforcing

Host: GitHub
URL: https://github.com/0x4f53/subblaster
Owner: 0x4f53
License: mit
Created: 2024-08-22T22:05:51.000Z (6 months ago)
Default Branch: main
Last Pushed: 2024-10-06T23:19:29.000Z (4 months ago)
Last Synced: 2024-12-02T07:44:59.836Z (2 months ago)
Topics: blackhat, bruteforcing, dns, ejpt, ejpt-cheatsheet, ejpt-notes, golang, kali-linux, oscp, oscp-tools, osint, recon, recon-tools, reconnaissance, subdomain-bruteforcing, subdomain-enumeration, subdomain-finder
Language: Go
Homepage:
Size: 497 KB
Stars: 3
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

        [![Golang](https://img.shields.io/badge/Golang-fff.svg?style=flat-square&logo=go)](https://go.dev)

[![License](https://img.shields.io/badge/License-MIT-purple?style=flat-square&logo=libreoffice)](LICENSE)

[![Latest Version](https://img.shields.io/github/v/tag/0x4f53/subblaster?label=Version&style=flat-square&logo=semver)](https://github.com/0x4f53/subblaster/releases)



# subblaster

Super-fast multi-source subdomain bruteforcer in Go.



**Note:** This is not a public subdomain enumerator and is not an efficient way to get pre-captured subdomains. If you need fast enumeration, please use pre-existing tools like [amass](https://github.com/owasp-amass/amass), [sublister](https://github.com/aboul3la/Sublist3r) etc.

### What is this then?

There are several domains whose subdomains are present in DNS records but aren't caught by popular enumeration services. These don't appear online due to them not being scraped by crawlers that these providers / security companies deploy. This tool is an attempt to maximize the speed of discovering them while minimizing the time taken.

## Features

- Customizable multi-source wordlists ([TheRook's subbrute](https://github.com/TheRook/subbrute), [Daniel Miessler's seclists](https://github.com/danielmiessler/SecLists) and more!)

- Multithreaded bruteforcing using Golang

- Multi-resolver subdomain resolution and port scanning in-built

- Multiple inputs, multiple outputs

## Usage 

```bash

# to build the program

go build

./subblaster 0x4f.in

```

Examples:

### Generate paired JSON outputs 

This helps generate output in the form of `{"subdomain": "www.example.com", "domain":"example.com"}`, useful for dumping to a 

DocumentDB

```bash                S U B B L A S T E R  

        (https://github.com/0x4f53/subblaster)

        A fast subdomain bruteforcer in Golang.

[⟳] Generating batches for bruteforcing...

[✓] Batching complete! Generated 1192 batches

[+] Bruteforcing...

./subblaster -p 0x4f.in

...

# In 0x4f.in.json

{"subdomain":"blog.0x4f.in","domain":"0x4f.in"}

{"subdomain":"www.0x4f.in","domain":"0x4f.in"}

```

### Refresh all seclists and delete cache

```bash

./subblaster -r

                S U B B L A S T E R  

        (https://github.com/0x4f53/subblaster)

        A fast subdomain bruteforcer in Golang.

[✓] Deleted all cache data

[↓] Downloading wordlists mentioned in lists.yaml

 - onelistforallshort.txt [2.82MB / 0b] ╢░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟  10.84kB/s

 - onelistforallshort.txt [12.19MB / 0b] ╢░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟  4.28kB/s

 - dns-Jhaddix.txt [10.40kB / 0b] ╢░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟  0b/s

 - alexaTop1mAXFRcommonSubdomains.txt [378.92kB / 0b] 

...

```

## Credits

- [Assetnote Wordlists](https://wordlists.assetnote.io/)

- [six2dez/OneListForAll](https://github.com/six2dez/OneListForAll)

- [fuzzdb-project/fuzzdb](https://github.com/fuzzdb-project/fuzzdb)

- [TheRook/subbrute](https://github.com/TheRook/subbrute)

- [danielmiessler/seclists](https://github.com/danielmiessler/SecLists)

The animated logo is derived from work by [Ryan Whiteside](https://flickr.com/whytseyed/).

## License

Multimedia licensed under [![License: CC BY-NC-SA 4.0](https://licensebuttons.net/l/by-nc-sa/4.0/80x15.png)](https://creativecommons.org/licenses/by-nc-sa/4.0/) 

[Copyright © 2024 Owais Shaikh](LICENSE)

## Donate

[Click here to donate](https://github.com/sponsors/0x4f53). It incentivizes me to develop more.