Intro

newsubs is a Python-based command-line tool. Its mission? To make subdomain discovery for Bug Bounty programs a breeze. By leveraging data from Chaos, newsubs streamlines the process of fetching and comparing subdomains across different program versions.

Getting started

Before we delve into the exciting world of newsubs, let’s ensure you have it set up on your system. Follow these steps:

git clone https://github.com/heydc7/newsubs.git
cd newsubs
pip3 install -r requirements.txt
python3 newsubs.py -h

Now that newsubs is set up, let’s explore its key features and commands.

Basic Usage

newsubs offers a range of commands that simplify subdomain discovery for Bug Bounty programs. Here’s an overview of its capabilities:

1. Command Help

Before we dive into specific commands, you can always access the command-specific help by running:

newsubs.py -h
newsubs.py <command> -h

This will provide detailed information about the options and arguments for each command.

2. Show

The show command is your gateway to discovering available Bug Bounty programs on Chaos. You can filter programs using the -g flag and save the output to a file using the -o flag:

newsubs.py show [-g GREP] [-o OUTPUT]

For instance, to find programs related to Sony, you can use:

newsubs.py show -g sony

3. Fetch

The fetch command is where the magic happens. It downloads subdomains associated with a specific Bug Bounty program from Chaos. You’ll need to provide the index number of the program using the -i flag:

newsubs.py fetch -i INDEX

This command creates a new directory for the program within the data/ folder, using the current date as the folder name. It stores the fetched subdomains in this directory.

For example:

newsubs.py fetch -i 608

4. Compare

The compare command helps you compare different versions of subdomain folders fetched for a program. It identifies and displays new subdomains between two versions:

newsubs.py compare -p PROGRAM -f1 FILE1 -f2 FILE2 [-o OUTPUT]

To compare archived versions of the “Sony” program fetched on different dates:

newsubs.py compare -p sony -f1 2023-09-25 -f2 2023-09-28

5. Difference

The difference command is a handy tool for finding uncommon items (subdomains) between two files:

newsubs.py difference -f1 FILE1 -f2 FILE2 [-o OUTPUT]

This command is particularly useful when conducting subdomain reconnaissance to identify changes between two sets of subdomains.

For example:

newsubs.py difference -f1 amass.txt -f2 subfinder.txt

6. Union

The union command combines the contents of two files into a single file, ensuring that unique values are retained:

newsubs.py union -f1 FILE1 -f2 FILE2 [-o OUTPUT]

This command simplifies the task of merging subdomains obtained from different sources or tools.

For instance:

newsubs.py union -f1 amass.txt -f2 subfinder.txt

Final Thoughts

Now that we’ve covered the basic commands of “newsubs,” you can use this tool to streamline your subdomain enumeration process for Bug Bounty programs. It enables you to track changes in target assets over time, ensuring you stay ahead in identifying potential vulnerabilities.

So, whether you’re an experienced bug hunter or just starting your journey in cybersecurity, newsubs is a tool worth adding to your arsenal. Happy bug hunting!

I hope you enjoyed my #BugBounty blog.

Feel free to connect with me on Twitter: @heydc7

Thank you!