About the SubBrute Tool
-
SubBrute is an open source subdomain enumeration tool.
-
It is community maintained and aims to be the fastest and most accurate domain finding tool.
-
It makes use of open DNS resolvers to bypass rate-limiting restrictions.
-
It doesn't come preinstalled with Kali Linux and must be downloaded from https://github.com/TheRook/subbrute.
-
Italso provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.
-
Better stablity. Better support for testing cloudflare domains.
-
Basically Sub brute is being used by pentesters for over 3 years and has not lost its place because the tools uses multi-threading using python engine.
-
This tool also contains a large list of real sub-domain that you will find in the wild.
-
Basically we were fed up with Fierce / fierce2, and every other tool we used so we found something way faster in python. This tool will not only brute force sub domains.
-
It will also gather information about them as well. By default this tool does subdomain enumeration about 8 times faster than Fierce, and can chew through 31k lookups in about 5 minutes on a normal connection.
Demo
what's new in recent version
-
The great news in this version is that SubBrute is now a recursive DNS-spider, and also a library, more on this later.
-
SubBrute should be easy to use, so the interface should be intuitive (like nmap!),
-
In this version we are opening up SubBrute's fast DNS resolution pipeline for any DNS record type.
-
Additionally, SubBrute now has a feature to detect subdomains were their resolution is intentionally blocked, which sometimes happens when a subdomain is intended for for use on an internal network.
SubBrute is now a DNS spider that recursively crawls enumerated DNS records.
This feature boosted *.google.com from 123 to 162 subdomains. (Always enabled)
--type enumerate an arbitrary record type (AAAA, CNAME, SOA, TXT, MX...)
-s can now read subdomains from result files.
New useage - The subdomains enumerated from previous scans can now be used as input to enumerate other DNS records.
Easy to use:
./subbrute.py google.com
Tests multiple domains:
./subbrute.py google.com gmail.com blogger.com
or
a newline delimited list of domains:
./subbrute.py -t list.txt

what's new in recent version
-
The great news in this version is that SubBrute is now a recursive DNS-spider, and also a library, more on this later.
-
SubBrute should be easy to use, so the interface should be intuitive (like nmap!),
-
In this version we are opening up SubBrute's fast DNS resolution pipeline for any DNS record type.
-
Additionally, SubBrute now has a feature to detect subdomains were their resolution is intentionally blocked, which sometimes happens when a subdomain is intended for for use on an internal network.
SubBrute is now a DNS spider that recursively crawls enumerated DNS records.
This feature boosted *.google.com from 123 to 162 subdomains. (Always enabled)
--type enumerate an arbitrary record type (AAAA, CNAME, SOA, TXT, MX...)
-s can now read subdomains from result files.
New useage - The subdomains enumerated from previous scans can now be used as input to enumerate other DNS records.
Easy to use:
./subbrute.py google.com
Tests multiple domains:
./subbrute.py google.com gmail.com blogger.com
or
a newline delimited list of domains:
./subbrute.py -t list.txt