Chaining Subprober + Subfinder To Your Bug Bounty Recon.


AjakCybersecurity

Hi, Ajak Amico’s, welcome back to another blog. In this blog, I will show you an essential multiple HTTP probing tool for penetration testers and bug bounty hunters. Before starting, if you haven’t subscribed to our channel, do subscribe, guys, for content related to cyber security, bug bounty, and digital forensics investigation.👇

Follow our Youtube Channel: @ajakcybersecurity (361Videos)

Follow on Instagram: @ajakcybersecurity

How To Install?

Method 1:

pip install git+https://github.com/sanjai-AK47/Subprober.git
subprober -h

Method 2:

git clone https://github.com/sanjai-AK47/SubProber.git
cd SubProber
pip install .
subprober -h

In bug bounty, recon is a major and important process. Experts say “How many hours you spend on recon, gives a high severity bug”. During the recon process, we use many tools and methods; this tool helps with multiple HTTP probing. It helps you analyze the status code, version, and other pertinent information about a website, and you can also give it a file containing a list of subdomains. HTTP probing is something every researcher uses, and this tool is written in Python.

Let’s Learn Practically!!

After installing the tool, run it with the command:

subprober -h

After giving the above command, the tool starts running and shows some help text.

Just for demo purposes, I am using the test site (testphp.vulnweb.com). You can simply give the command below, as given in the image.

After hitting Enter, boom!! Within a fraction of a second, it writes the output to output.txt. Open output.txt as in the image below.

Let’s learn with another example

Test domain: zoho.com

Now I am going to test the domain of Zoho. Before that, I need to find the subdomains of the Zoho domain; to do that, I am using the subfinder tool.

It gives the results in subfinder.txt; then I am going to chain these subdomains with the subprober tool.

In the above command, -f refers to the file; all the subdomains in subfinder.txt are given as the input to subprober.

Boom!!!

It gives around 9000 results. You can check for redirection vulnerabilities or try to bypass the 403 status code with this tool.
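Before subfinder.txt is handed to subprober with -f, the list can be normalised so that only unique, well-formed hosts under the domain being tested get probed. This is an added example, not code from the original post or from the Subprober project; the function name scope_filter, the placeholder domain example.com and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: clean a subdomain list before HTTP probing.
# scope_filter DOMAIN FILE  -> prints unique, valid hostnames that are
# DOMAIN itself or a subdomain of it (hypothetical helper, not part of Subprober).
scope_filter() (
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    tr '[:upper:]' '[:lower:]' < "$2" | tr -d '\r' | awk -v d="$domain" '
        {
            gsub(/^[ \t]+|[ \t]+$/, "")     # trim surrounding whitespace
            sub(/^\*\./, "")                 # "*.api.example.com" -> "api.example.com"
            sub(/\.$/, "")                   # drop a trailing root dot
            if ($0 == "") next               # skip blank lines
            # keep only characters that are legal in a hostname
            if ($0 !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) next
            if (index($0, "..")) next        # reject empty labels
            n = length($0); m = length(d)
            # plain string suffix match on ".DOMAIN", so "evilexample.com"
            # and "example.com.attacker.test" are both rejected
            if ($0 != d && (n <= m || substr($0, n - m) != "." d)) next
            if (!seen[$0]++) print           # de-duplicate, keep first-seen order
        }'
)

# Constructed sample input standing in for subfinder.txt.
sample=$(mktemp)
printf '%s\n' 'www.example.com' 'WWW.Example.com' '*.api.example.com' \
    'mail.example.com.' 'evilexample.com' 'example.com.attacker.test' \
    'bad host.example.com' '' 'example.com' > "$sample"

# The cleaned file is what would then be passed to: subprober -f <file> -o output.txt
scope_filter example.com "$sample" > "$sample.clean"
cat "$sample.clean"
rm -f "$sample" "$sample.clean"
```

The suffix check is a string comparison rather than a regular expression, so dots in the domain are never treated as wildcards.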

-f, --filename Specify the filename containing a list of subdomains for targeted probing.
This flag is used to find and analyze status codes and other pertinent details.

-h, --help Show this help message for you and exit!

-u, --url Specify a target URL for direct probing. This flag allows for the extraction of
status codes and other valuable information.

-o, --output Define the output filename to store the results of the probing operation.

-c, --concurrency Set the concurrency level for multiple processes. Default is 10.

-tl, --title Retrieve and display the title of subdomains.

-to, --timeout Set a custom timeout value for sending requests.

-sv, --server Identify and display the server information associated with subdomains.

-wc, --word-count Retrieve and display the content length of subdomains.

-apt, --application-type Determine and display the application type of subdomains.

-ex, --exclude Exclude specific response status code(s) from the analysis.

-mc, --match Specify specific response status code(s) to include in the analysis.

-s, --silent Enable silent mode to suppress the display of Subprober banner and version information.

-v, --verbose Enable verbose mode to display error results on the console.

-p, --path Specify a path for probe and get results ex:: -p admin.php

-px, --proxy Specify a proxy to send the requests through your proxy or BurpSuite ex: 127.0.0.1:8080

-gw, --grep-word Enable The grep word flag will be usefull when grepping partiuclar codes like for 200: OK ---> cat subprober-results.txt | grep OK
This will show the results with 200-299 range codes

-ar, --allow-redirect Enabling these flag will make Subprober to follow the redirection and ger results

-nc, --no-color Enabling the --no-color will display the output without any CLI colors

-up, --update Update Subprober to the latest version through pip and git.

[INFO]:

subprober -f filename.txt -c 20 --title --server --application-type --word-count -o output.txt

cat subdomains.txt | subprober -c 20 -to 8 -tl -sv -wc -apt -ex 404 500 -o

P.S: Learn the manual method before using the automation tools

— — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

Hope you have learned some information from this blog. If so, kindly press that follow button for further updates. Best wishes from Ajak Cybersecurity.❤️

“கற்றவை பற்றவை🔥”

Learn Everyday, Happy Hacking 😁🙌
