Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
The tool is supposed to be scheduled to run periodically at fixed times, dates, or intervals (Ideally each day). New identified subdomains will be sent to Slack workspace with a notification push. Furthermore, the tool performs DNS resolution to determine working subdomains.
Also Read – AutoRDPwn : The Shadow Attack Framework
How to set up?
Requirements:
First of all, you will have to clone the tool from Github to your web server:
$ git clone https://github.com/yassineaboukir/sublert.git && cd sublert
Now, we can install the required modules as follows:
forPython 2:
$ sudo pip install -r requirements.txt
alternatively, Python 3:
$ sudo pip3 install -r requirements.txt
Next step is to create a Slack workplace to where new subdomains will be sent to. Just browse to https://slack.com/ and create a free account.
Then, create two channels: one for the subdomains and the other is for error logging as follows:
Next, we need to generate Webhook URLs for each channel so we can leverage Slack API.
Browse to https://api.slack.com/apps and create a new application.
Browse to Incoming Webhooks and create two Webhooks and link each one to the two channels formed previously.
And link each webhook with the corresponding Slack channel.
You will obtain a link in the following format:
https://hooks.slack.com/services/XXXXXXX/BF0XXXXME/XXXXXXXXXXXXX
Copy both two webhook links and edit config.py
You’re almost ready! Interesting part now is adding domains to monitor for new subdomains. For now, it’s preferable to add each domain separately. Let’s add PayPal for instance:
$ python sublert.py -u paypal.com
You can proceed the same way with all the other domain names you would like to monitor. Once you’re finished adding the targets, the next step would be to configure Cron in order to schedule execution of Sublert periodically at fixed times.
Let’s make Sublert.py executable:
$ chmod u+x sublert.py
Now, we need to add a new Cron job to schedule execution of it at given time. To do it, type:
$ Crontab -e
Add the following line at the end of the Cron file:
0 */12 * * * cd /root/sublert/ && /usr/bin/python sublert.py -r -l >> /root/sublert/sublert.log 2>&1
You will need to change /root/sublert/ to the exact directory where you have the tool.
If you’re using python3 make sure to change /usr/bin/python to /usr/bin/python3
Short Form | Long Form | Description |
---|---|---|
-u | –url | Adds a domain to monitor. E.g: yahoo.com. |
-d | –delete | Domain to remove from the monitored list. E.g: yahoo.com. |
-a | –list | Listing all monitored domains. |
-t | –threads | Number of concurrent threads to use (Default: 20). |
-r | –resolve | Perform DNS resolution. |
-l | –logging | Enable Slack-based error logging. |
-m | –reset | Reset everything. |
How Does a Firewall Work Step by Step? What Is a Firewall and How Does…
ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…
Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…
SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…
PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…
HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…