Sublert : Security & Reconnaissance Tool Which Leverages Certificate Transparency

Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.

The tool is supposed to be scheduled to run periodically at fixed times, dates, or intervals (Ideally each day). New identified subdomains will be sent to Slack workspace with a notification push. Furthermore, the tool performs DNS resolution to determine working subdomains.

Requirements

  • Virtual Private Server (VPS) running on Unix. (I personally use digitalOcean)
  • Python 2.x or 3.x.
  • Free Slack workspace.

Also Read – AutoRDPwn : The Shadow Attack Framework

How to set up?

Requirements:

  • Virtual Private Server (VPS) running on Unix. (I use digitalOcean)
  • Python 2.x or 3.x.
  • Free Slack workplace.

First of all, you will have to clone the tool from Github to your web server:

$ git clone https://github.com/yassineaboukir/sublert.git && cd sublert

Now, we can install the required modules as follows:

forPython 2:

$ sudo pip install -r requirements.txt

alternatively, Python 3:

$ sudo pip3 install -r requirements.txt

Next step is to create a Slack workplace to where new subdomains will be sent to. Just browse to https://slack.com/ and create a free account.

Then, create two channels: one for the subdomains and the other is for error logging as follows:

Next, we need to generate Webhook URLs for each channel so we can leverage Slack API.

Browse to https://api.slack.com/apps and create a new application.

Browse to Incoming Webhooks and create two Webhooks and link each one to the two channels formed previously.

And link each webhook with the corresponding Slack channel.

You will obtain a link in the following format:

https://hooks.slack.com/services/XXXXXXX/BF0XXXXME/XXXXXXXXXXXXX

Copy both two webhook links and edit config.py

You’re almost ready! Interesting part now is adding domains to monitor for new subdomains. For now, it’s preferable to add each domain separately. Let’s add PayPal for instance:

$ python sublert.py -u paypal.com

You can proceed the same way with all the other domain names you would like to monitor. Once you’re finished adding the targets, the next step would be to configure Cron in order to schedule execution of Sublert periodically at fixed times.

Let’s make Sublert.py executable:

$ chmod u+x sublert.py

Now, we need to add a new Cron job to schedule execution of it at given time. To do it, type:

$ Crontab -e

Add the following line at the end of the Cron file:

0 */12 * * * cd /root/sublert/ && /usr/bin/python sublert.py -r -l >> /root/sublert/sublert.log 2>&1

You will need to change /root/sublert/ to the exact directory where you have the tool.

If you’re using python3 make sure to change /usr/bin/python to /usr/bin/python3

  • 0 */12 * * * → instructs Cron to run the tool every 12th hour. If you wish to change it to any fixed time you want, feel free to use https://crontab.guru/ to customize your timing.
  • -r → instructs Sublert to perform DNS resolution. It’s optional but recommended.
  • – l → instructs Sublert to log errors and push them to Slack channel. It’s optional but recommended.
  • /var/log/sublert.log 2>&1 → Instructs Cron to save Sublert output to /var/log/sublert.log which you can inspect at any given time if you have any doubts the tool is running smoothly.

Usage

Short FormLong FormDescription
-u–urlAdds a domain to monitor. E.g: yahoo.com.
-d–deleteDomain to remove from the monitored list. E.g: yahoo.com.
-a–listListing all monitored domains.
-t–threadsNumber of concurrent threads to use (Default: 20).
-r–resolvePerform DNS resolution.
-l–loggingEnable Slack-based error logging.
-m–resetReset everything.
R K

Recent Posts

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

1 day ago

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

4 days ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

4 days ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

5 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

5 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

6 days ago