Subdominator：一款针对漏洞奖励计划的子域名安全枚举工具

FreeBuf-

于 2024-09-25 13:51:51 发布

阅读量1.4k

点赞数 19

CC 4.0 BY-SA版权

分类专栏：工具文章标签：安全

本文链接：https://blog.csdn.net/FreeBuf_/article/details/142521367

关于Subdominator

Subdominator是一款针对漏洞奖励计划的子域名安全枚举工具，可用于在漏洞搜寻和侦察过程中进行被动子域名枚举。它旨在通过高效枚举子域名和各种免费被动资源来帮助研究人员和网络安全专业人员发现潜在的安全漏洞。

Subdominator 与各种免费和付费 API 被动源集成，以收集有价值的子域信息。

功能介绍

1、能够快速、强大地子域名枚举能力；

2、45+ 被动结果枚举子域；

3、可配置 API 密钥设置；

4、综合通知系统；

工具要求

aiofiles>=23.2.1

aiohttp>=3.9.4

appdirs>=1.4.4

art>=6.1

beautifulsoup4>=4.11.1

colorama>=0.4.6

fake_useragent>=1.5.0

PyYAML>=6.0.1

Requests>=2.31.0

rich>=13.7.1

urllib3>=1.26.18

工具安装

由于该工具基于Python 3开发，因此我们首先需要在本地设备上安装并配置好最新版本的Python 3环境。

接下来，广大研究人员可以直接使用下列命令将该项目源码克隆至本地：

git clone https://github.com/RevoltSecurities/Subdominator.git

然后切换到项目目录中，使用pip命令和项目提供的requirements.txt安装该工具所需的其他依赖组件：

cd Subdominator

pip install -r requirements.txt

或直接使用pip命令行工具安装最新版本的Subdominator：

pip install git+https://github.com/RevoltSecurities/Subdominator

Subdominator安装成功后即可使用，但如果想以最高级别高效地使用 subdominator，则某些源需要 API 密钥来设置，用户可以使用此命令：

subdominator -ls

__         __                       _                    __                

   _____  __  __   / /_   ____/ /  ____    ____ ___    (_)   ____   ____ _  / /_  ____    _____

  / ___/ / / / /  / __ \ / __  /  / __ \  / __ `__ \  / /   / __ \ / __ `/ / __/ / __ \  / ___/

 (__  ) / /_/ /  / /_/ // /_/ /  / /_/ / / / / / / / / /   / / / // /_/ / / /_  / /_/ / / /    

/____/  \__,_/  /_.___/ \__,_/   \____/ /_/ /_/ /_/ /_/   /_/ /_/ \__,_/  \__/  \____/ /_/     

                                                                                               

 

                     @RevoltSecurities

 

[Version]: Subdominator current version v1.0.8 (latest)

[INFO]: Current Available free passive resources: [45]

[INFO]: Sources marked with an * needs API key(s) or token(s) configuration to works

[INFO]: Hey sanjai you can config your api keys or token here /home/sanjai/.config/Subdominator/provider-config.yaml to work

 

abuseipDB                                                                                                                                                                                                                                     

alienvault                                                                                                                                                                                                                                    

anubis                                                                                                                                                                                                                                        

bevigil*                                                                                                                                                                                                                                      

binaryedge*                                                                                                                                                                                                                                   

bufferover*                                                                                                                                                                                                                                   

c99*                                                                                                                                                                                                                                          

censys*