Tool GitHub address: https://github.com/lijiejie/subDomainsBrute
First, use git clone to download it locally into the /opt/ directory
git clone https://github.com/lijiejie/subDomainsBrute
Next, look at the files inside subDomainsBrute
cd subDomainsBrute
ls
dict lib README.md screenshot.png subDomainsBrute.py
Here dict holds the wordlist files; it contains the following:
dns_servers.txt next_sub.txt subnames_all_5_letters.txt subnames.txt
next_sub_full.txt sample_qq.com.txt subnames_full.txt
lib holds the library files; its contents are as follows:
ll lib/
总用量 12
-rw-r--r-- 1 root root 2739 12月 7 19:15 consle_width.py
-rw-r--r-- 1 root root 3011 12月 7 19:36 consle_width.pyc
-rw-r--r-- 1 root root 0 12月 7 19:15 __init__.py
-rw-r--r-- 1 root root 123 12月 7 19:36 __init__.pyc
screenshot.png is a screenshot of the tool in use
First, view the help information
python subDomainsBrute.py -h
Usage: subDomainsBrute.py [options] target.com
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-f FILE File contains new line delimited subs, default is
subnames.txt.
--full Full scan, NAMES FILE subnames_full.txt will be used
to brute
-i, --ignore-intranet
Ignore domains pointed to private IPs
-t THREADS, --threads=THREADS
Num of scan threads, 100 by default
-o OUTPUT, --output=OUTPUT
Output file name. default is {target}.txt
Use subDomainsBrute for a simple subdomain collection run
python subDomainsBrute.py csdn.net
[+] Validate DNS servers ...
[+] Check DNS Server 223.5.5.5 < OK > Found 4
[+] Found 4 available DNS Servers in total
[+] Load next level subs ...
[+] Load sub names ...
Traceback (most recent call last):
File "subDomainsBrute.py", line 331, in <module>
d = SubNameBrute(target=args[0], options=options)
File "subDomainsBrute.py", line 48, in __init__
self.outfile = open(outfile, 'w')
IOError: [Errno 13] Permission denied: 'csdn.net.txt'
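This raises an error caused by missing write permission: the results file csdn.net.txt is opened in the current directory, which the current user cannot write to. Adding sudo resolves it. The -o option shown in the help output can instead point the results file at a writable path, which avoids running the scanner as root.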
sudo python subDomainsBrute.py csdn.net
[sudo] wyy 的密码:
[+] Validate DNS servers ...
[+] Check DNS Server 182.254.116.116 < OK > Found 4
[+] Found 4 available DNS Servers in total
[+] Load next level subs ...
[+] Load sub names ...
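An added example, not part of the original post or of subDomainsBrute: a Python 3 check to run over the results file of a scan of your own domain, listing names that resolve to internal addresses (the records -i would leave out) and addresses that serve several names. The line format (name, whitespace, comma-separated IPv4 addresses), the function names and the sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the assumed format: name, whitespace, IPv4 list.
SAMPLE = """\
www.example.com        203.0.113.10
mail.example.com       203.0.113.25
intranet.example.com   10.20.0.5
vpn.example.com        192.168.1.1, 203.0.113.40
dev.example.com        203.0.113.10
broken line without an address
"""

# ipaddress.is_private also covers documentation and other reserved ranges,
# so the RFC 1918 and loopback blocks are listed explicitly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_results(text):
    """Return {hostname: [ip_address, ...]}, skipping lines that do not parse."""
    records = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        name, rest = parts
        try:
            ips = [ipaddress.ip_address(p.strip()) for p in rest.split(",") if p.strip()]
        except ValueError:
            continue  # not an address list, e.g. a banner or progress line
        if ips:
            records[name.lower().rstrip(".")] = ips
    return records

def internal_leaks(records):
    """Names with at least one address in an internal range, sorted."""
    return sorted(n for n, ips in records.items()
                  if any(ip in net for ip in ips for net in INTERNAL_NETS))

def shared_hosts(records):
    """Map each address to its names, for addresses serving two or more names."""
    by_ip = defaultdict(set)
    for name, ips in records.items():
        for ip in ips:
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}

if __name__ == "__main__":
    recs = parse_results(SAMPLE)
    print("internal:", internal_leaks(recs))
    print("shared:", shared_hosts(recs))
```

Names reported by internal_leaks are public DNS records that disclose internal addressing and are candidates for moving to a split-horizon or internal-only zone.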