SubProber

Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. The tool offers concurrent scanning, allowing users to define their preferred concurrency level for faster results. Whether you are on Linux, Windows, or macos

Generate Convert Improve

Install / Use

/learn @RevoltSecurities/SubProber

About this skill

Quality Score

0/100

README

Subprober

An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support

GitHub last commit GitHub release (latest by date)

Overview

Subprober is a powerful and efficient tool designed for penetration testers and security professionals. This release introduces several enhancements, bug fixes, and new features to elevate your probing experience. Subprober facilitates fast and reliable information extraction, making it an invaluable asset for penetration testing workflows.

Fast and configurable probings
Supported Inputs: hosts, URLS, IPs
Supports multiple methods http requests
Supports proxies and customizable Header for probing
Progress your probing tasks

Subprober Probing Configuration:

| Probes | Default Check | Probes | Default Check | |----------------------|---------------|-------------------------|---------------| | Url | True | UrlScheme | False | | Title | True | Ports | False | | Status code | True | Paths | False | | Response Length | True | HTTP2 | False | | Server | True | Response Body Hash | False |
| Content Type | True | HTTP Version | True | | Follow redirection | False | HTTP Method | True | | Path | False | Body Preview | True | | Redirect location | False | Redirect History | True | | Max redirection | False | Response Reason | True | | IP address of Host | False | Word Count | True | | Cname of Host | False | AAAA Record of Host | False | | Jarm | False | Response Time | True | | Web Socket | True | Line Count | True | | TLS Data | False | Redirect Location | True |

Installation

To install Subprober you need python latest version to be installed and then you can follow the below steps to install subprober

PIP Installation:

pip install git+https://github.com/RevoltSecurities/Subprober.git
subprober -h

PIPX Installation:

pipx install git+https://github.com/RevoltSecurities/Subprober.git
subprober -h

GIT Installation:

git clone https://github.com/RevoltSecurities/SubProber.git
cd Subprober
pip install .
subprober -h

Usage

subprober -h      

   _____       __    ____             __             
  / ___/__  __/ /_  / __ \_________  / /_  ___  _____
  \__ \/ / / / __ \/ /_/ / ___/ __ \/ __ \/ _ \/ ___/
 ___/ / /_/ / /_/ / ____/ /  / /_/ / /_/ /  __/ /    
/____/\__,_/_.___/_/   /_/   \____/_.___/\___/_/     
                                                         
                
                
                    - RevoltSecurities


Subprober - An essential HTTP multi-purpose Probing Tool for Penetration Testers and Security Researchers with Asynchronous httpx client support

[Description] :

    Subprober is a high-performance tool designed for probing and extracting vital information efficiently with Asynchronous concurrency performance

[Options]:

    [INPUT]:

        -f,    --filename               specify the filename containing a list of Urls to probe                                       
        -u,    --url                    specify a Url to probe and supports comma-separated values (-u google.com,https://hackerone.com)
        stdin/stdout                    subprober supports both stdin/stdout and enables -nc to pipe the output of subprober
                                      
    [PROBES]:

        -sc,    --status-code           display the status code of the host
        -tl,    --title                 display the title of host
        -sv,    --server                display the server name of the host
        -wc,    --word-count            display the HTTP response word count
        -lc,    --line-count            display the HTTP response line count
        -cl,    --content-length        display the HTTP response content length
        -l ,    --location              display the redirected location of the host
        -apt,   --application-type      display the content type of the host
        -ip,    --ipaddress             display the IPs of the host
        -cn,    --cname                 display the CNAMEs of the host
        -aaa,   --aaa-records           display the AAAA records of the host
        -htv,   --http-version          display the server supported HTTP version of the host
        -hrs,   --http-reason           display the reason for HTTP connection of the host
        -jarm,  --jarm-fingerprint      display the JARM fingerprint hash of the host
        -rpt,   --response-time         display the response time for the successful request
        -wss,   --websocket             display the server supports websockets
        -hash,  --hash                  display response body in hash format (supported hashes: md5, mmh3, simhash, sha1, sha256, sha512)
        -dmt,   --display-method        display the method of the HTTP request 
        -bp,    --body-preview          display the HTTP response body in first n number of characters (default: 100)
    
    [CONFIG]:

        -dhp,   --disable-http-probe    disables subprober from probing HTTP protocols and only for HTTPS when no protocol is specified
        -X,     --method                request methods to probe and get response (supported: get, post, head, put, delete, patch, trace, connect, options) (default: get)
        -H,     --header                add custom headers for probing and -H can be used multiple times to pass multiple header values (ex: -H application/json -H X-Forwarded-Host: 127.0.0.1)
        -ra,    --random-agent          enable Random User-Agent to use for probing and applies same to screenshots. (default: subprober/Alpha)
        -px,    --proxy                 specify a proxy to send the requests through it (ex: http://127.0.0.1:8080)
        -ar,    --allow-redirect        enable following redirections
        -maxr,  --max-redirection       set max value to follow redirections (default: 10)
        -http2, --http2                 enable to request with HTTP/2 support (default: Http/1.1)
        -sni,   --sni-hostname          set custom TLS SNI host name for requests.
        
    [MISCELLANEOUS]:
    
        -p,     --path                  specify a path or text file of paths for probing and getting results (example: -p admin.php or -p paths.txt)
        -pt,    --port                  set custom port for making HTTP request and default ports are 80,443 based on the url scheme
        -tls,   --tls                   grabs the TLS data for the requested host
    
    [HEADLESS]:

        -ss,    --screenshot            enable to take screenshots of the page using headless browsers with asynchronous performance
        -st,    --screenshot-timeout    set a timeout value for taking screenshots (default: 15) 
        -scp,   --system-chrome-path    specify the executable path of the chromedriver to use system chrome to take screenshots
        -pdf,   --save-pdf              enable to save the screenshot image in the pdf format (default: png)
        -HH ,   --screenshot-headers    add custom headers for authenticated screenshots
        -icb,   --include-bytes         enable to include the screenshot bytes in output when json output enabled
        -hos,   --headless-options      set additional chrome headless browser options and supports comma-separated values (-ho "--start-maximized")
        -sid,   --screenshot-idle       set custom idle time in seconds before taking screenshots (default: 1)
        -sp,    --screenshot-path       specify a directory path to store screenshot results (default: currentdir/screenshots)
                                       
    [MATCHERS]:

        -mc,    --match-code            match http response by specified status codes and supports comma-separated values (-mc 200,302)
        -mcr,   --match-code-range      match http response by specified status code range and supports single value (-mcr 200-299)
        -ms,    --match-string          match http response containing the specified string and supports comma-separated values (-ms admin,login)
        -mr,    --match-regex           match http response matching the specified regex and supports comma-separated values (-mr .*admin.*,.*login.*)
        -mpt,   --match-path            match http response by URL path and supports comma-separated values (-mpt /admin/wp-ajax.php,/wp-json)
        -ml,    --match-length          match http response by specified response length and supports comma-separated values (-ml 1024,2048)
        -mlc,   --match-line-count      match http response by specified response line count and supports comma-separated values (-mlc 10,50)
        -mwc,   --match-word-count      match http response by specified word count and supports comma-separated values (-mwc 100,500)
        -mrt,   --match-response-time   match http response exceeding the specified minimum response time in seconds (-mrt 2.30)

    [FILTERS]:

        -fc,    --filter-code

Related Skills

node-connect

335.4k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

82.5k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

335.4k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

commit-push-pr

82.5k

Commit, push, and open a PR