Tool GitHub address: https://github.com/lijiejie/subDomainsBrute
First, use git clone to download it into the local /opt/ directory
git clone https://github.com/lijiejie/subDomainsBrute
Next, look at the files inside subDomainsBrute
cd subDomainsBrute
ls
dict lib README.md screenshot.png subDomainsBrute.py
dict holds the wordlist (dictionary) files; it contains the following:
dns_servers.txt next_sub.txt subnames_all_5_letters.txt subnames.txt
next_sub_full.txt sample_qq.com.txt subnames_full.txt
lib holds the library files; its contents are:
ll lib/
总用量 12
-rw-r--r-- 1 root root 2739 12月 7 19:15 consle_width.py
-rw-r--r-- 1 root root 3011 12月 7 19:36 consle_width.pyc
-rw-r--r-- 1 root root 0 12月 7 19:15 __init__.py
-rw-r--r-- 1 root root 123 12月 7 19:36 __init__.pyc
screenshot.png is a screenshot of the tool in use
Start by viewing the help information
python subDomainsBrute.py -h
Usage: subDomainsBrute.py [options] target.com
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-f FILE File contains new line delimited subs, default is
subnames.txt.
--full Full scan, NAMES FILE subnames_full.txt will be used
to brute
-i, --ignore-intranet
Ignore domains pointed to private IPs
-t THREADS, --threads=THREADS
Num of scan threads, 100 by default
-o OUTPUT, --output=OUTPUT
Output file name. default is {target}.txt
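The -i option above skips names that resolve to private IPs; for the owner of a zone those same records are the ones to review, because they publish internal addressing in public DNS. The following is an added example, not part of subDomainsBrute, that applies the check to saved result lines. The input layout (a name followed by one or more addresses), the example.com names and the address ranges treated as private are assumptions.

```python
import ipaddress
import re

# Constructed sample: example.com names and all addresses are placeholders,
# not results from any real scan.
SAMPLE = """\
www.example.com 203.0.113.10
vpn.example.com 10.20.0.5
db.example.com 192.168.1.20, 203.0.113.11
dev.example.com 172.16.4.9
lo.example.com 127.0.0.1
mail.example.com 203.0.113.25
[+] Load sub names ...
"""

# Assumed meaning of "private": RFC 1918 plus loopback. An explicit list is used
# because ipaddress.is_private also counts documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def parse_results(text):
    """Yield (name, [addresses]) for each well-formed result line."""
    for line in text.splitlines():
        fields = [f for f in re.split(r"[\s,]+", line.strip()) if f]
        try:
            addrs = [ipaddress.ip_address(f) for f in fields[1:]]
        except ValueError:
            continue  # not a result line (status banner, traceback, ...)
        if addrs:
            yield fields[0], addrs

def classify(text):
    """Group names as internal (every address private), mixed, or public."""
    report = {"internal": [], "mixed": [], "public": []}
    for name, addrs in parse_results(text):
        flags = [is_internal(a) for a in addrs]
        key = "internal" if all(flags) else "mixed" if any(flags) else "public"
        report[key].append(name)
    return report

if __name__ == "__main__":
    for key, names in classify(SAMPLE).items():
        print(key, names)
```

Names in the "mixed" group resolve to both a private and a public address, which a filter that looks only at the first address would miss.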
Use subDomainsBrute to run a simple subdomain collection
python subDomainsBrute.py youkuaiyun.com
[+] Validate DNS servers ...
[+] Check DNS Server 223.5.5.5 < OK > Found 4
[+] Found 4 available DNS Servers in total
[+] Load next level subs ...
[+] Load sub names ...
Traceback (most recent call last):
File "subDomainsBrute.py", line 331, in <module>
d = SubNameBrute(target=args[0], options=options)
File "subDomainsBrute.py", line 48, in __init__
self.outfile = open(outfile, 'w')
IOError: [Errno 13] Permission denied: 'youkuaiyun.com.txt'
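This raised an error. It is caused by a lack of write permission: the tool opens its output file (by default {target}.txt, here youkuaiyun.com.txt) in the current directory, which the current user cannot write to. Adding sudo resolves it; the -o option listed in the help can also point the output file at a path the current user can write to.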
sudo python subDomainsBrute.py youkuaiyun.com
[sudo] wyy 的密码:
[+] Validate DNS servers ...
[+] Check DNS Server 182.254.116.116 < OK > Found 4
[+] Found 4 available DNS Servers in total
[+] Load next level subs ...
[+] Load sub names ...