Sublist3r a python based enumeration tool that enumerates subdomains of the domain using Google, Yahoo, Bing, Baidu, and Ask. It also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.
Subbrute added with it to enhance the finding of all possible domains using brute force with an improved word list.In this Kali Linux tutorial, we show how to enumerate the subdomains with Sublist3r.
Working with Sublist3r
To clone the tool
Python 2 is 2.7.x
Python 3 is 3.4.x
To list all the possible options
python sublist3r.py -h
To enumerate subdomains of specific domain
python sublist3r.py -d google.com
To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443
python sublist3r.py -v -d vulnweb.com -p 80,443
The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Troubleshooting services and to calibrate firewall rules.You should test in all ways to guarantee there is no security loophole.
Source : GBHackers