LSUB v1 is a powerful subdomain enumeration tool designed for cybersecurity professionals. It integrates 12 different engines including search engines and specialized data sources like SSL certificate logs. With features like multi-threading, bruteforce support, port scanning, and customizable output formats, LSUB helps in comprehensive discovery of subdomains for vulnerability assessments and penetration testing.
- Google - Web search enumeration
- Bing - Microsoft search engine
- Yahoo - Yahoo search integration
- Baidu - Chinese search engine
- Ask - Ask.com search
- Netcraft - Domain intelligence
- SSL Certificates (crt.sh) - Enhanced certificate transparency logs
- DNSdumpster - DNS reconnaissance
- VirusTotal - Threat intelligence platform
- ThreatCrowd - Open source threat intelligence
- PassiveDNS - Passive DNS data
- Certificate Transparency - Alternative SSL cert lookup
- π― Multi-threaded scanning for faster results
- π Bruteforce capability with customizable wordlists
- π 12 different enumeration engines
- π Port scanning on discovered subdomains
- πΎ Multiple output formats
- π¨ Colorized terminal output
- β‘ Enhanced crt.sh integration with JSON and HTML parsing
- π§ Flexible engine selection
# Python 2.7 or 3.x
python --version
# Install required dependencies
pip install -r requirements.txtgit clone https://github.com/lasinduChathuranga/LSUB.git
cd LSUB
python3 lsub-v1.py -d example.comrequests>=2.25.1
dnspython>=2.1.0
Optional dependencies for enhanced functionality:
subbrute # For bruteforce functionality
# Simple subdomain enumeration
python lsub-v1.py -d example.com
# With verbose output
python lsub-v1.py -d example.com -v
# Save results to file
python lsub-v1.py -d example.com -o results.txt# Use specific engines only
python lsub-v1.py -d example.com -e google,ssl,dnsdumpster
# Enable bruteforce with custom threads
python lsub-v1.py -d example.com -b -t 50
# Include port scanning
python lsub-v1.py -d example.com -p 80,443,8080,8443
# Use only search engines
python lsub-v1.py -d example.com -e google,bing,yahoo,baidu,ask,netcraft
# Use only specialized engines
python lsub-v1.py -d example.com -e ssl,dnsdumpster,virustotal,threatcrowd,passivednspython lsub-v1.py --show-engines| Option | Description | Example |
|---|---|---|
-d, --domain |
Target domain (required) | -d example.com |
-e, --engines |
Comma-separated list of engines | -e google,ssl,bing |
-t, --threads |
Number of threads (default: 30) | -t 50 |
-b, --bruteforce |
Enable bruteforce enumeration | -b |
-p, --ports |
Scan ports on discovered subdomains | -p 80,443,8080 |
-o, --output |
Output file for results | -o results.txt |
-v, --verbose |
Enable verbose output | -v |
--no-color |
Disable colored output | --no-color |
--show-engines |
Display available engines | --show-engines |
Perfect for discovering subdomains indexed by search engines:
- Google, Bing, Yahoo, Baidu, Ask, Netcraft
Advanced discovery through specialized databases:
- SSL Certificate databases, DNS databases, Threat intelligence platforms
-
Adjust thread count based on your system and network:
python lsub-v1.py -d example.com -t 100 # High-performance systems python lsub-v1.py -d example.com -t 20 # Conservative approach
-
Use specific engines for targeted discovery:
python lsub-v1.py -d example.com -e ssl,dnsdumpster # Focus on cert transparency -
Combine with bruteforce for comprehensive coverage:
python lsub-v1.py -d example.com -b -t 50
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β TARGET ANALYSIS β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Enumerating subdomains for: example.com β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[+] Using 12 enumeration engines
Search Engines: 6/6
Specialized Engines: 6/6
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Searching now SSL Certificates (crt.sh) β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
[+] www.example.com
[+] mail.example.com
[+] ftp.example.com
[+] api.example.com
[+] Found 45 subdomains
[+] Scan completed in 23.45 seconds
# LSUB v1 Enhanced Results
# Generated: 2025-06-15 14:30:22
# Total: 45
api.example.com
ftp.example.com
mail.example.com
www.example.com
...
Place your custom wordlist in the subbrute/ directory:
subbrute/
βββ names.txt # Default wordlist
βββ resolvers.txt # DNS resolvers
βββ custom.txt # Your custom wordlist
We welcome contributions! Here's how you can help:
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
- Additional enumeration engines
- Performance optimizations
- New output formats
- Documentation improvements
- Bug fixes and testing
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is intended for educational purposes and authorized penetration testing only. Users are responsible for complying with applicable laws and regulations. The developers assume no liability for misuse of this tool.
- Bug Reports: GitHub Issues
- Feature Requests: GitHub Discussions
For detailed documentation and advanced usage examples, visit our Wiki.
- Thanks to the certificate transparency community
- Special thanks to crt.sh for SSL certificate data
- Inspired by various subdomain enumeration tools in the security community
- 12 enumeration engines
- Multi-threaded performance
- Enhanced SSL certificate integration
- Cross-platform compatibility
Made with β€οΈ for the cybersecurity community