@michele-tn
Last active November 23, 2025 11:37
Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT.

Sublist3r Installation and Usage Guide (Ubuntu 22.04.5 LTS)

Sublist3r is a Python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

subbrute was integrated with Sublist3r to increase the chance of finding more subdomains by brute force with an improved wordlist. Credit goes to TheRook, the author of subbrute.


This document explains how to install, run, and clean up Sublist3r when it is installed directly from the official GitHub repository.

The commands below were tested on:

  • OS: Ubuntu 22.04.5 LTS
  • Kernel: GNU/Linux 5.15.0-161-generic x86_64
  • Tool: Sublist3r from GitHub (https://github.com/aboul3la/Sublist3r.git)

1. Prerequisites

Make sure your system is up to date and that you have the basic tools installed.

sudo apt update
sudo apt upgrade -y

Install Git, Python 3 and pip:

sudo apt install -y git python3 python3-pip

Optional but recommended: install the venv module so that you can create a Python virtual environment (step 3) and keep Sublist3r’s dependencies isolated from the rest of the system.

sudo apt install -y python3-venv

2. Clone Sublist3r from GitHub

Choose a directory where you want to store the tool (for example, your home folder) and clone the repository:

cd ~
git clone https://github.com/aboul3la/Sublist3r.git
cd Sublist3r

At this point, the Sublist3r source code is in ~/Sublist3r.


3. (Optional) Create and activate a virtual environment

If you want to keep Sublist3r’s Python packages separate, create a virtual environment inside the Sublist3r folder:

cd ~/Sublist3r

python3 -m venv venv
source venv/bin/activate

When the virtual environment is active, your shell prompt will usually start with (venv).

To deactivate it later, you can simply run:

deactivate

4. Install Python dependencies

Sublist3r’s Python dependencies are listed in requirements.txt. Install them with:

cd ~/Sublist3r

# If using the virtual environment:
# source venv/bin/activate

pip3 install -r requirements.txt

If you are inside the virtual environment, you can simply use pip:

pip install -r requirements.txt

5. Run Sublist3r from the cloned directory

From inside the Sublist3r directory:

cd ~/Sublist3r

# If you created a virtual environment:
# source venv/bin/activate

python3 sublist3r.py -h

The -h option shows the help message and confirms that the tool is working.

Basic usage examples

Enumerate subdomains for a domain:

python3 sublist3r.py -d example.com

Enumerate subdomains and show verbose output:

python3 sublist3r.py -d example.com -v

Enumerate subdomains and save the results to a file:

python3 sublist3r.py -d example.com -o example_subdomains.txt

Enumerate subdomains and probe each discovered host on specific TCP ports (for example, 80 and 443). Unlike the OSINT lookups, this step connects to the hosts directly:

python3 sublist3r.py -d example.com -p 80,443

Important: Use Sublist3r only on domains you own or are explicitly authorized to test. Unauthorized scanning may be illegal.
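
Saving results with -o makes it possible to compare runs over time and spot hostnames that have appeared or disappeared on a domain you manage. The script below is an added example, not part of Sublist3r or of the original guide; it assumes the saved file holds one hostname per line, and the function names (normalize, compare, new_since, gone_since) and sample file names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: compare two saved result files (one hostname per line).

# normalize FILE DOMAIN
# Lowercase, trim whitespace and the trailing root dot, drop blank lines,
# wildcard entries and malformed names, keep only DOMAIN itself and names
# ending in ".DOMAIN", then sort and de-duplicate.
normalize() {
    tr -d '\r' < "$1" \
      | tr '[:upper:]' '[:lower:]' \
      | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//' \
      | grep -E '^[a-z0-9_-]+(\.[a-z0-9_-]+)+$' \
      | awk -v d="$2" '$0 == d || substr($0, length($0) - length(d)) == ("." d)' \
      | LC_ALL=C sort -u
}

# compare FLAGS OLD NEW DOMAIN
# Run comm(1) with FLAGS over the cleaned OLD and NEW lists.
compare() {
    local old new
    old=$(mktemp); new=$(mktemp)
    normalize "$2" "$4" > "$old"
    normalize "$3" "$4" > "$new"
    LC_ALL=C comm "$1" "$old" "$new"
    rm -f "$old" "$new"
}

new_since()  { compare -13 "$@"; }   # names that appear only in NEW
gone_since() { compare -23 "$@"; }   # names that appear only in OLD

demo() {
    local dir; dir=$(mktemp -d)
    # Constructed sample data, not real tool output.
    printf '%s\n' www.example.com mail.example.com old.example.com \
        > "$dir/run1.txt"
    printf '%s\n' 'WWW.Example.com.' mail.example.com '' '*.example.com' \
        staging.example.com cdn.notexample.com example.com.evil.test \
        > "$dir/run2.txt"
    echo "New since run1:";  new_since  "$dir/run1.txt" "$dir/run2.txt" example.com
    echo "Gone since run1:"; gone_since "$dir/run1.txt" "$dir/run2.txt" example.com
    rm -rf "$dir"
}

demo
```

The suffix check in normalize is what keeps look-alike names such as cdn.notexample.com out of the comparison; a plain substring match on the domain would let them through.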


6. (Optional) Make Sublist3r globally available

If you prefer to run Sublist3r from any directory using a short command, you can create a symbolic link.

  1. Ensure the script is executable:

    cd ~/Sublist3r
    chmod +x sublist3r.py
  2. Create a symbolic link in /usr/local/bin:

    sudo ln -s ~/Sublist3r/sublist3r.py /usr/local/bin/sublist3r

After this, you can run Sublist3r from anywhere:

sublist3r -d example.com

If you used a virtual environment, remember that global usage via a symlink works best when dependencies are installed system-wide (without the venv). If you prefer isolation, run Sublist3r from within the virtual environment instead.


7. Cleanup / Uninstall procedure

If you want to remove Sublist3r and clean up your system, follow the steps that match how you installed it.

7.1. Remove the cloned Git repository

If you no longer need the tool, simply delete the folder:

rm -rf ~/Sublist3r

If you created the virtual environment inside ~/Sublist3r, it will be removed together with the folder.

7.2. Remove the symbolic link (if you created it)

If you created a symlink in /usr/local/bin, remove it:

sudo rm /usr/local/bin/sublist3r

7.3. Remove Python dependencies (optional)

If you installed Sublist3r’s dependencies globally using pip3 install -r requirements.txt, they will remain installed even after deleting the folder.

You can remove them manually, for example:

pip3 uninstall requests dnspython -y

Warning: Only uninstall packages if you are sure they are not used by other applications or tools on your system.

If you installed Sublist3r inside a virtual environment, cleaning up is easier:

  1. Deactivate the venv if it is active:

    deactivate
  2. Delete the venv directory (if it still exists):

    rm -rf ~/Sublist3r/venv

8. Summary

  • Clone the repository: git clone https://github.com/aboul3la/Sublist3r.git
  • (Optional) Create a virtual environment with python3 -m venv venv
  • Install dependencies: pip3 install -r requirements.txt
  • Run the tool: python3 sublist3r.py -d example.com
  • Cleanup:
    • Remove ~/Sublist3r
    • Remove the symlink in /usr/local/bin (if created)
    • Optionally uninstall Python packages or simply delete the virtual environment

This procedure has been verified on Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-161-generic x86_64).

@michele-tn
Author

Alternatives to Sublist3r Compatible with Ubuntu 22.04.5


This README provides a corrected, validated and realistic comparison of the best modern alternatives to Sublist3r for subdomain enumeration, all fully compatible with Ubuntu 22.04.5 LTS.


📌 Comparison Table

| Tool | Enumeration Type | Speed* | Accuracy* | Install (Ubuntu 22.04.5) | Ideal Use / Key Advantages | Notes |
|---|---|---|---|---|---|---|
| Amass (OWASP) | Active + Passive | Medium | Very High | sudo apt install amass | Most complete OSINT engine; huge number of data sources; graph-based recon | Heavy on resources; slower than all other tools |
| Assetfinder | Passive | Very High | Medium | go install github.com/tomnomnom/assetfinder@latest | Extremely fast OSINT booster; great for quick enumeration or automation | Requires cleanup (DNS validation) to remove dead subdomains |
| Subfinder | Passive | High | Very High | go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest | Highest passive enumeration accuracy; modern community standard | Works best when followed by DNSx |
| Findomain | Passive | Very High | High | Download binary → chmod +x → move to $PATH | Very fast; Rust-based; supports multi-provider OSINT | Some features require API keys |
| DNSx | DNS validation | High | High | go install github.com/projectdiscovery/dnsx/cmd/dnsx@latest | Filters and keeps only resolvable, real subdomains | Used as a validation layer, not a standalone enumeration tool |

*Speed and accuracy are relative ratings based on practical field usage and public community benchmarks.


🧩 Suggested Workflows

Why this workflow?

  • Subfinder → Highest passive enumeration accuracy
  • Assetfinder → Extremely fast OSINT booster
  • DNSx → Filters only real, resolvable subdomains

🔧 Usage Examples

1. Fast OSINT Sweep (recommended for automation)

assetfinder example.com | dnsx -silent -resp

2. High-Accuracy Passive Enumeration

subfinder -d example.com -all -silent | dnsx -silent -resp

3. Full Deep Recon (Red Team / Pentest)

amass enum -d example.com -active -o amass_raw.txt
subfinder -d example.com -all -silent -o subfinder_raw.txt
cat amass_raw.txt subfinder_raw.txt | sort -u | dnsx -silent -o final_valid.txt

🔄 Workflow Diagram

        +------------------+
        |   Assetfinder    |----+
        +------------------+    |
                                 +--> Candidate Subdomains --> DNSx --> Valid Subdomains
        +------------------+    |
        |    Subfinder     |----+
        +------------------+

        +------------------+
        |      Amass       | (optional deep scan)
        +------------------+

📘 Additional Notes

  • All tools listed are fully compatible with Ubuntu 22.04.5 LTS.
  • Amass is the most complete OSINT tool but significantly slower.
  • Subfinder + DNSx is widely used in Red Team and Bug Bounty pipelines.
  • Assetfinder remains excellent for quick scans or automation.

📥 Summary

This README includes a corrected, validated and realistic comparison of modern Sublist3r alternatives, with workflows, usage examples, and diagrams suitable for security engineers, Red Team operators and bug bounty hunters.

