子域名**subDomainsBrute的简单使用
工具GIthub地址:https://github.com/lijiejie/subDomainsBrute
首先,使用git clone 下载到本地的/opt/目录
git clone https://github.com/lijiejie/subDomainsBrute
接着,查看subDomainsBrute里面的文件
cd subDomainsBrute
ls
dict lib README.md screenshot.png subDomainsBrute.py
其中dict为字典文件,里面文件如下:
dns_servers.txt next_sub.txt subnames_all_5_letters.txt subnames.txt
next_sub_full.txt sample_qq.com.txt subnames_full.txt
lib为库文件,内容如下:
ll lib/
总用量 12
-rw-r--r-- 1 root root 2739 12月 7 19:15 consle_width.py
-rw-r--r-- 1 root root 3011 12月 7 19:36 consle_width.pyc
-rw-r--r-- 1 root root 0 12月 7 19:15 __init__.py
-rw-r--r-- 1 root root 123 12月 7 19:36 __init__.pyc
screenshot.png 为使用截图
首先查看帮助信息
python subDomainsBrute.py -h
Usage: subDomainsBrute.py [options] target.com
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-f FILE File contains new line delimited subs, default is
subnames.txt.
--full Full scan, NAMES FILE subnames_full.txt will be used
to brute
-i, --ignore-intranet
Ignore domains pointed to private IPs
-t THREADS, --threads=THREADS
Num of scan threads, 100 by default
-o OUTPUT, --output=OUTPUT
Output file name. default is {target}.txt
使用subDomainsBrute做一个简单子域名收集
python subDomainsBrute.py ****.net
[+] Validate DNS servers ...
[+] Check DNS Server 223.5.5.5 < OK > Found 4
[+] Found 4 available DNS Servers in total
[+] Load next level subs ...
[+] Load sub names ...
Traceback (most recent call last):
File "subDomainsBrute.py", line 331, in <module>
d = SubNameBrute(target=args[0], options=options)
File "subDomainsBrute.py", line 48, in __init__
self.outfile = open(outfile, 'w')
IOError: [Errno 13] Permission denied: '****.net.txt'
报了一个错,这个错误是由于没有权限写入导致的,加上sudo即可
sudo python subDomainsBrute.py ****.net
[sudo] wyy 的密码:
[+] Validate DNS servers ...
[+] Check DNS Server 182.254.116.116 < OK > Found 4
[+] Found 4 available DNS Servers in total
[+] Load next level subs ...
[+] Load sub names ...
www.****.net 101.201.172.229
search.****.net 101.201.173.208
mail.****.net 183.3.226.105
passport.****.net 101.201.169.146
forum.****.net 101.200.29.173
ss.****.net 101.201.170.152
blog.****.net 47.95.165.112
pay.****.net 101.201.171.118
my.****.net 101.201.170.152
baidu.****.net 101.201.178.158
news.****.net 101.201.170.152
server.****.net 101.201.171.118
dev.****.net 115.124.18.138
club.****.net 101.201.171.118
so.****.net 101.201.173.208
admin.****.net 101.201.172.229
task.****.net 101.201.171.118
bbs.****.net 101.200.29.173
edu.****.net 101.201.171.118
order.****.net 101.201.171.118
static.****.net 222.186.49.239
platform.****.net 101.201.178.158
data.****.net 101.201.173.208
open.****.net 101.201.172.229
m.****.net 101.201.170.152
api.****.net 101.201.172.229
mail.dev.****.net 115.124.18.138
biz.****.net 121.40.38.37
sd.****.net 101.201.170.152
its.****.net 101.201.178.158
ads.****.net 101.201.174.163