subDomainsBrute
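This script is mainly used to discover domain names that other tools cannot detect. Installation on Windows works the same way, except that once pip is installed its default path is D:\Python27\Scripts.
1, First, install pip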
# tar xf pip-8.1.1.tar.gz
# cd pip-8.1.1
# python setup.py install
The installation fails with an error:
Traceback (most recent call last):
  File "setup.py", line 6, in <module>
    from setuptools import setup, find_packa
Fix:
The setuptools module is missing, so download and install ez_setup
# python ez_setup.py install
2, Next, install dnspython with pip
# pip install dnspython
3, Download subDomainsBrute to the local machine
# yum install git -y
# git clone https://github.com/lijiejie/subDomainsBrute.git
4, Usage and options
# python subDomainsBrute.py
Usage: subDomainsBrute.py [options] target.com
Options:
  -h, --help            show this help message and exit
  -t THREADS_NUM, --threads=THREADS_NUM
                        Number of threads. default = 60
  -f NAMES_FILE, --file=NAMES_FILE
                        Dict file used to brute sub names
  -i, --ignore-intranet
                        Ignore domains pointed to private IPs
  -o OUTPUT, --output=OUTPUT
                        Output file name. default is {target}.txt
Example:
# python subDomainsBrute.py -t 10 -f dict/subnames.txt ele.me -o ele.txt
-f specifies the dictionary used for brute-forcing, -o the output file, and -t the number of brute-force threads.
More dictionaries: http://fuzz.wuyun.org/scanlist/
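
On the DNS server side, a dictionary run like the one above shows up as a single client querying many distinct names under one zone within a short time, most of them answered NXDOMAIN (unless the zone has a wildcard record). The following is an added example, not part of subDomainsBrute or the original post. The log line format, the thresholds, the client addresses and example.com are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: "<epoch-seconds> <client-ip> <qname> <rcode>".
# This line format is an assumption for the example, not a real server's log format.
def make_sample():
    lines = []
    words = ["www", "mail", "ftp", "vpn", "dev", "test", "admin", "oa",
             "bbs", "crm", "git", "wiki"]
    for i, w in enumerate(words):            # one client walking a wordlist
        rcode = "NOERROR" if w in ("www", "mail") else "NXDOMAIN"
        lines.append("%d 203.0.113.7 %s.example.com %s" % (1000 + i, w, rcode))
    # an ordinary client: few names, all of them resolve
    lines.append("1003 198.51.100.20 www.example.com NOERROR")
    lines.append("1040 198.51.100.20 mail.example.com NOERROR")
    return lines

def parse(line):
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.rstrip(".").lower(), rcode

def detect(lines, zone, window=60, min_names=10, min_nx_ratio=0.5):
    """Return {client: (distinct_names, nx_ratio)} for clients that queried at
    least min_names distinct names under zone within window seconds, with at
    least min_nx_ratio of those queries answered NXDOMAIN."""
    per_client = defaultdict(list)
    for line in lines:
        ts, client, qname, rcode = parse(line)
        if qname.endswith("." + zone):
            per_client[client].append((ts, qname, rcode))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans <= window seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            names = {q for _, q, _ in chunk}
            nx = sum(1 for _, _, r in chunk if r == "NXDOMAIN") / len(chunk)
            if len(names) >= min_names and nx >= min_nx_ratio:
                if len(names) > flagged.get(client, (0, 0.0))[0]:
                    flagged[client] = (len(names), round(nx, 2))
    return flagged

if __name__ == "__main__":
    for client, (n, nx) in detect(make_sample(), "example.com").items():
        print(client, n, nx)
```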