subdomainLookup is a Python script that uses Google search results to find subdomains of the target domain name.
I have been using it in security assessments and it works pretty well. Essential for network mapping. Test your own domain and see the results.
Sample usage:
> subdomainLookup.py blogger.com
beta.blogger.com
www.blogger.com
draft.blogger.com
www2.blogger.com
Download subdomainLookup v0.4 from here
* Uses main Python libraries. Tested with Python 2.5.x on Linux and Windows.
Update: Bedirhan sent me some patches that improve the results of the subdomainLookup v0.2 script. With some tests and additional improvements, here is the new version, 0.4, which can be downloaded from the same location.
Friday, September 25, 2009
7 comments:
Great tool! And it's wise to use mobile search instead of the heavy regular one.
I've humbly changed a few parts, which I'll send to you, to increase the coverage. My changes include:
. usage of "-site" instead of more generic "-" negation
. usage of cookielib (yes, it affects the results)
. character refining with subdomain regex (adding -)
. usage of "Accept-Language" header (that affects the results, too)
. putting the real "site:" at the end of the search query (astonishing!)
cheers
If nameservers are misconfigured, you can also find subdomains using this page Find all subdomains
Great idea, but did not work for me for some reason. It times out after some time, not sure what I'm doing wrong. For those who are interested in a simple solution I found this tool: http://findsubdomain.com/
I tried using your script, but the only thing it spits back is "no result found for...". I have tried multiple sites where I know sub domains exist, but the script always tells me it cannot find anything.
I've tried using your script, but I keep getting "no result found for ____" regardless of what sites I try to check.
I am using cygwin if that matters.
Hi Will,
Thanks for pointing it out. I updated the script.
Please download again and retry.
Sorry for the double post yesterday... but thanks for posting an update. I've tried out the script and it does seem to work now when there are a small number of subdomains. However, when I look at pages with many subdomains like "buffalo.edu" I get an HTTP 414 error.
I don't know python, but I was wondering if it would be possible to modify this script to read from a csv then append the corresponding output to the right of the domains?
example output:
"domainA","SubA1","SubA1"
"domainB","SubB1","SubB2"
...
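An added example, not part of the original post and not subdomainLookup's own code: a Python 3 sketch of two ideas from the comments above, a hostname regex that allows "-" and a query that lists "-site:" exclusions before the real "site:" term. It also caps the encoded query length, assuming the HTTP 414 (URI Too Long) reported above comes from the exclusion list growing the URL. The function names, `MAX_QUERY_LEN` and the sample text are hypothetical, and nothing here contacts a search engine.

```python
import re
from urllib.parse import quote_plus

MAX_QUERY_LEN = 1800  # assumed budget for the encoded query; real limits vary

# One DNS label: letters, digits and '-', never starting or ending with '-'.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"


def extract_subdomains(text, domain):
    """Return sorted, lower-cased hostnames under `domain` found in `text`."""
    pattern = re.compile(
        r"(?<![a-z0-9.-])((?:%s\.)+%s)(?!\.?[a-z0-9-])" % (LABEL, re.escape(domain)),
        re.IGNORECASE,
    )
    return sorted({m.group(1).lower() for m in pattern.finditer(text)})


def build_query(domain, known, max_len=MAX_QUERY_LEN):
    """Build '-site:' exclusions followed by the real 'site:' term.

    Exclusions that would push the URL-encoded query past `max_len` are
    left out. Returns (query, hosts_actually_excluded).
    """
    tail = "site:%s" % domain
    terms, used = [], []
    length = len(quote_plus(tail))
    for host in sorted(known):
        term = "-site:%s" % host
        cost = len(quote_plus(term)) + 1  # +1 for the encoded space
        if length + cost > max_len:
            break
        terms.append(term)
        used.append(host)
        length += cost
    return " ".join(terms + [tail]), used


# Constructed sample of result-page text (not real search output).
SAMPLE = (
    '<a href="http://beta.blogger.com/">Beta</a> WWW2.Blogger.com '
    "my-blog.blogger.com/x notblogger.com www.blogger.com.evil.example"
)

if __name__ == "__main__":
    found = extract_subdomains(SAMPLE, "blogger.com")
    print(found)
    print(build_query("blogger.com", found)[0])
```

Look-alike names such as notblogger.com and www.blogger.com.evil.example are rejected by the regex, so they do not end up in an inventory of your own domain.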