sub3suite v0.0.4 releases: free, open source, cross platform Intelligence gathering tool

sub3suite

Sub3 Suite is a research-grade suite of tools for Subdomain Enumeration, OSINT Information gathering & Attack Surface Mapping. Supports both manual and automated analysis on a variety of target types with many available features & tools.

Use Cases

These enumerations processes can be used for offensive & defensive cyber operations, Bug-Bounty hunting & Research. Multiple techniques are normally used by multiple tools to attain this goal. sub3suite combines these different techniques and provides you with multiple capability tools into one suite for effective enumeration both manually and automatically.

General Concepts

• Passive Subdomain Enumeration.
• Active Subdomain Enumeration.
• OSINT (Open-source intelligence).
• OSINT Information gathering.
• Target Mapping.

Subdomain Enumeration

Subdomain enumeration is the process of finding sub-domains for one or more domains. It helps to broader the attack surface, and find hidden applications and forgotten subdomains.

why subdomain enumeration?

• Sub-domain enumeration helps to create a scope of security assessment by revealing domains/sub-domains of a target organization.
• Sub-domain enumeration increases the chance of finding vulnerabilities.
• The sub-domain enumeration helps us in finding the web applications that might be forgotten/left unattended by the organization for maintenance or other reasons and may lead to the disclosure of critical vulnerabilities.

Passive Subdomain Enumeration

For passive subdomain enumeration, the subdomains are obtained from a third party without directly connecting to the target’s infrastructures. These 3rd parties gather and store open information gathered from devices connected to the internet and contain an interface to share this data e.gAPI  . Passive sources include VirusTotal, shodan, host, SecurityTrails, etc.

• Multiple tools are available For this purpose. Open source tools like theHarvester & amass are among the most popular in this field.

• sub3suite has an OSINT tool that can be used for passive subdomain enumeration able to pull data from 50+ osint sources in a matter of seconds & gives users the ability to manipulate this data to their liking.

Sub3Suite’s OSINT Tool.

Active Subdomain Enumeration

In active subdomain enumeration, the adversary or tester gathers the information by directly probing the infrastructure managed by the organization. In active enumeration, the detection of adversary or tester may be possible by the organization. Such kind of probing may raise alerts and/or flags.

• Multiple tools are available For this purpose. Open source tools like subbrute, knock & fierce are among the most popular in this field.

• sub3suite has BRUTEFORCE, ACTIVE & DNS tools that can be used for active subdomain enumeration using multiple techniques & features that are highly efficient and with a low barrier of entry to get started with active subdomain enumeration.

Sub3Suite’s BRUTE Tool.

Open-source Intelligence (OSINT)

Open-source intelligence is the collection and analysis of data gathered from open sources to produce actionable intelligence. There are many techniques and tools used in this field that I can’t go into detail but there are many great articles out there going into much detail about this topic, please check out the references for some of these articles.

• OSINT Framework provides a very good overview and guide to many different types of OSINT enumeration and tools to use.

• sub3suite has multiple tools that can be used for OSINT information gathering of different data types such tools include Enumerators that enumerate specific data types such as IP, ASN, CIDR, NS(Nameservers), MX(MailExchange), SSL Certificates & Emails to much greater details, You can check it out for yourself.

Target Mapping

Target Mapping refers to the general process of mapping(gathering relevant information) on the attack surface of the Target. Both Passive(OSINT) & Active methods are used to accomplish this. different data types are used for mapping the target such as domains, ip-addresses, asn, cidr, emails, phone, users, subdomains, etc. There are many techniques used in this process and can most times be very much time-consuming.

• Multiple tools are used to ease the information gathering and mapping process with the most popular ones being maltego & spiderfoot.
• sub3suite also has the tools for this purpose though still in the early development phase at this time but you can use multiple tools at your disposal to achieve this goal.

Sub3Suite’s Project map

Changelog v0.0.4

• changed ACTIVE Tool to HOST Tool.
  changed no longer use the term ENGINES now its TOOLS
  added IP Tool
  added Ping feature for HOST & IP tools.
  added light theme
  added hostname querying in URL Tool
  fix unwanted selection in results tree views
  fix json highlighter
  fix hackertarget crashing OSINT Tool on hostsearch

Install & Use

Copyright (C) 2022 3nock