Saltar a contenido

AlterX Subdomain Wordlist Generator hoja de trucos

Overview

AlterX is a fast and customizable subdomain wordlist generator developed by Project Discovery. It uses patterns and domain-specific language (DSL) to generate permutations and alterations of subdomains, making it a powerful tool for active subdomain enumeración. AlterX fits into the active subdomain enumeración pipeline, complementing passive subdomain discovery tools like Subfinder.

What sets AlterX apart from other wordlist generators is its pattern-based approach and its ability to generate objetivoed, context-aware wordlists. Instead of using generic wordlists, AlterX can create permutations based on known subdomains, allowing for more effective discovery of related subdomains. This approach significantly increases the chances of finding valid subdomains during security assessments and bug bounty hunting.

AlterX is designed to be used in combination with tools like ShuffleDNS or other DNS brute-forcing tools to discover new subdomains that might not be found through passive enumeración methods. Its customizable patterns and efficient generation algoritmo make it an essential tool for comprehensive subdomain enumeración.

instalación

Using Go

# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/alterx/cmd/alterx@latest

# Verify instalación
alterx -version

Using Docker

# Pull the latest Docker image
docker pull projectdiscovery/alterx:latest

# Run AlterX using Docker
docker run -it projectdiscovery/alterx:latest -h

Using Homebrew (macOS)

# Install using Homebrew
brew install alterx

# Verify instalación
alterx -version

Using PDTM (Project Discovery Tools Manager)

# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install AlterX using PDTM
pdtm -i alterx

# Verify instalación
alterx -version

On Kali Linux

# Install using apt
sudo apt install alterx

# Verify instalación
alterx -version

Basic uso

Generating Wordlists

# Generate wordlist using default patterns
alterx -l subdomains.txt

# Generate wordlist with specific pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev"

# Generate wordlist from a single domain
alterx -d ejemplo.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

# Generate wordlist from multiple domains
alterx -d ejemplo.com,hackerone.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

Output opcións

# Save results to a file
alterx -l subdomains.txt -o wordlist.txt

# Output in JSON format
alterx -l subdomains.txt -json -o wordlist.json

# Silent mode (only wordlist entries)
alterx -l subdomains.txt -silent

Pattern uso

Basic Patterns

# Use word pattern (extracts words from input)
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}"

# Use number pattern (extracts numbers from input)
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}"

# Use character pattern (extracts characters from input)
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}"

# Combine multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

Advanced Patterns

# Use prefix pattern
alterx -l subdomains.txt -p "dev-\\\\{\\\\{word\\\\}\\\\}"

# Use suffix pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod"

# Use multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-prod,\\\\{\\\\{word\\\\}\\\\}-stage"

# Use patterns from a file
alterx -l subdomains.txt -pf patterns.txt

Pattern Modifiers

# Use uppercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:uppercase\\\\}\\\\}"

# Use lowercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase\\\\}\\\\}"

# Use capitalize modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:capitalize\\\\}\\\\}"

# Use multiple modifiers
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase:capitalize\\\\}\\\\}"

Advanced uso

Word Extraction

# Extract words from input
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -extract-words

# Set minimum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -min-word-length 3

# Set maximum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -max-word-length 10

Number Extraction

# Extract numbers from input
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -extract-numbers

# Set minimum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -min-number-length 1

# Set maximum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -max-number-length 5

Character Extraction

# Extract characters from input
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -extract-chars

# Set minimum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -min-char-length 1

# Set maximum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -max-char-length 3

Pattern ejemplos

Common Subdomain Patterns

# Development environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,dev-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.dev"

# Staging environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-stage,stage-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.stage"

# Production environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod,prod-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.prod"

# API endpoints
alterx -l subdomains.txt -p "api-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-api,api.\\\\{\\\\{word\\\\}\\\\}"

# Admin panels
alterx -l subdomains.txt -p "admin-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-admin,admin.\\\\{\\\\{word\\\\}\\\\}"

Numeric Patterns

# Append numbers
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}\\\\{\\\\{number\\\\}\\\\}"

# Prepend numbers
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}\\\\{\\\\{word\\\\}\\\\}"

# Separate with hyphen
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

# Separate with dot
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}.\\\\{\\\\{number\\\\}\\\\}"

Regional Patterns

# Geographic regions
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-us,\\\\{\\\\{word\\\\}\\\\}-eu,\\\\{\\\\{word\\\\}\\\\}-asia"

# Countries
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-uk,\\\\{\\\\{word\\\\}\\\\}-ca,\\\\{\\\\{word\\\\}\\\\}-au"

# Cities
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-nyc,\\\\{\\\\{word\\\\}\\\\}-lon,\\\\{\\\\{word\\\\}\\\\}-sfo"

Integration with Other Tools

Pipeline with ShuffleDNS

# Generate wordlist and use it for DNS brute-forcing
alterx -l subdomains.txt -silent|shuffledns -d ejemplo.com -w /dev/stdin -r resolvers.txt

# Generate wordlist, filter, and use for DNS brute-forcing
| alterx -l subdomains.txt -silent | grep -v "test" | shuffledns -d ejemplo.com -w /dev/stdin -r resolvers.txt |

Pipeline with Subfinder

# Find subdomains passively and use them to generate wordlist
subfinder -d ejemplo.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-stage" -silent

# Find subdomains, generate wordlist, and use for DNS brute-forcing
| subfinder -d ejemplo.com -silent | alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev" -silent | shuffledns -d ejemplo.com -w /dev/stdin -r resolvers.txt |

Pipeline with HTTPX

# Generate wordlist, resolve domains, and probe for HTTP servicios
| alterx -l subdomains.txt -silent | dnsx -a -resp-only | httpx -silent |

# Generate wordlist for specific domain and probe for HTTP servicios
| alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-api" -silent | dnsx -a -resp-only -d ejemplo.com | httpx -silent |

Output Customization

Custom Output Format

# Output only wordlist entries
alterx -l subdomains.txt -silent

# Count generated entries
alterx -l subdomains.txt -silent|wc -l

# Sort output alphabetically
alterx -l subdomains.txt -silent|sort

# Remove duplicates
alterx -l subdomains.txt -silent|sort -u

Filtering Output

# Filter by pattern
alterx -l subdomains.txt -silent|grep "dev"

# Filter out pattern
alterx -l subdomains.txt -silent|grep -v "test"

# Filter by length
alterx -l subdomains.txt -silent|awk 'length($0) < 20'

Advanced Filtering

# Filter by word count
alterx -l subdomains.txt -silent|awk 'NF==1'  # Single word
alterx -l subdomains.txt -silent|awk 'NF==2'  # Two words

# Filter by character type
alterx -l subdomains.txt -silent|grep -E '^[a-z]+

## Performance Optimization

### Concurrency and Rate Limiting

```bash
# Set concurrency (default: 10)
alterx -l subdomains.txt -c 20

# Set rate limit
alterx -l subdomains.txt -rate-limit 100

Optimization for Large Inputs

# Use stream mode for large inputs
alterx -l large-subdomains.txt -stream

# Limit maximum entries
alterx -l subdomains.txt -max-entries 1000

solución de problemas

Common Issues

  1. Memory Issues
   # Use stream mode for large inputs
   alterx -l large-subdomains.txt -stream

   # Limit maximum entries
   alterx -l subdomains.txt -max-entries 1000
   ```

2. **Pattern Issues**

```bash
   # Check pattern sintaxis
   alterx -l subdomains.txt -p "\{\{word\}\}-dev" -debug

   # Use simple patterns first
   alterx -l subdomains.txt -p "\{\{word\}\}"
   ```

3. **No Output**

```bash
   # Check input file
   cat subdomains.txt

   # Use verbose mode
   alterx -l subdomains.txt -v
   ```

4. **Duplicate Entries**

```bash
   # Remove duplicates
   alterx -l subdomains.txt -silent|sort -u
   ```

### Debugging

```bash
# Enable verbose mode
alterx -l subdomains.txt -v

# Show debug information
alterx -l subdomains.txt -debug

# Show statistics
alterx -l subdomains.txt -stats

configuración

configuración File

AlterX uses a configuración file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:

# ejemplo configuración file
concurrency: 10
rate-limit: 100
patterns:
  - "\{\{word\}\}-dev"
  - "\{\{word\}\}-stage"
  - "\{\{word\}\}-prod"

Environment Variables

# Set AlterX configuración via environment variables
expuerto ALTERX_CONCURRENCY=10
expuerto ALTERX_RATE_LIMIT=100
expuerto ALTERX_PATTERNS="\{\{word\}\}-dev,\{\{word\}\}-stage,\{\{word\}\}-prod"

Reference

comando Line opcións

| | bandera | Descripción | | | --- | --- | | | -d, -domain | objetivo domain(s) to use for wordlist generation | | | | -l, -list | File containing list of domains to use for wordlist generation | | | | -p, -pattern | Pattern(s) to use for wordlist generation | | | | -pf, -pattern-file | File containing patterns to use for wordlist generation | | | | -o, -output | File to write output to | | | | -json | Write output in JSON format | | | | -silent | Show only wordlist entries in output | | | | -v, -verbose | Show verbose output | | | | -extract-words | Extract words from input | | | | -extract-numbers | Extract numbers from input | | | | -extract-chars | Extract characters from input | | | | -min-word-length | Minimum word length | | | | -max-word-length | Maximum word length | | | | -min-number-length | Minimum number length | | | | -max-number-length | Maximum number length | | | | -min-char-length | Minimum character length | | | | -max-char-length | Maximum character length | | | | -c, -concurrency | Number of concurrent workers | | | | -rate-limit | Maximum number of entries per second | | | | -stream | Stream mode for large inputs | | | | -max-entries | Maximum number of entries to generate | | | | -stats | Show statistics | | | | -debug | Show debug information | | | | -version | Show AlterX version | |

Pattern Variables

| | Variable | Descripción | | | --- | --- | | | \{\{word\}\} | Extracts words from input | | | | \{\{number\}\} | Extracts numbers from input | | | | \{\{char\}\} | Extracts characters from input | |

Pattern Modifiers

| | Modifier | Descripción | | | --- | --- | | | :uppercase | Converts to uppercase | | | | :lowercase | Converts to lowercase | | | | :capitalize | Capitalizes first letter | |

Resources

This hoja de trucos provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern uso and integration with other tools. For the most up-to-date information, always refer to the official documentación.

# Only lowercase alterx -l subdomains.txt -silent|grep -E '[0-9]' # Contains numbers

Filter by domain pattern

alterx -l subdomains.txt -silent|grep -E '^api-' # Starts with "api-" alterx -l subdomains.txt -silent|grep -E '-dev

Performance Optimization

Concurrency and Rate Limiting

CODE_BLOCK_22

Optimization for Large Inputs

CODE_BLOCK_23

solución de problemas

Common Issues

  1. Memory Issues CODE_BLOCK_24

  2. Pattern Issues CODE_BLOCK_25

  3. No Output CODE_BLOCK_26

  4. Duplicate Entries CODE_BLOCK_27

Debugging

CODE_BLOCK_28

configuración

configuración File

AlterX uses a configuración file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:

CODE_BLOCK_29

Environment Variables

CODE_BLOCK_30

Reference

comando Line opcións

| | bandera | Descripción | | | --- | --- | | | -d, -domain | objetivo domain(s) to use for wordlist generation | | | | -l, -list | File containing list of domains to use for wordlist generation | | | | -p, -pattern | Pattern(s) to use for wordlist generation | | | | -pf, -pattern-file | File containing patterns to use for wordlist generation | | | | -o, -output | File to write output to | | | | -json | Write output in JSON format | | | | -silent | Show only wordlist entries in output | | | | -v, -verbose | Show verbose output | | | | -extract-words | Extract words from input | | | | -extract-numbers | Extract numbers from input | | | | -extract-chars | Extract characters from input | | | | -min-word-length | Minimum word length | | | | -max-word-length | Maximum word length | | | | -min-number-length | Minimum number length | | | | -max-number-length | Maximum number length | | | | -min-char-length | Minimum character length | | | | -max-char-length | Maximum character length | | | | -c, -concurrency | Number of concurrent workers | | | | -rate-limit | Maximum number of entries per second | | | | -stream | Stream mode for large inputs | | | | -max-entries | Maximum number of entries to generate | | | | -stats | Show statistics | | | | -debug | Show debug information | | | | -version | Show AlterX version | |

Pattern Variables

| | Variable | Descripción | | | --- | --- | | | \{\{word\}\} | Extracts words from input | | | | \{\{number\}\} | Extracts numbers from input | | | | \{\{char\}\} | Extracts characters from input | |

Pattern Modifiers

| | Modifier | Descripción | | | --- | --- | | | :uppercase | Converts to uppercase | | | | :lowercase | Converts to lowercase | | | | :capitalize | Capitalizes first letter | |

Resources

This hoja de trucos provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern uso and integration with other tools. For the most up-to-date information, always refer to the official documentación.

 # Ends with "-dev"

```

Performance Optimization

Concurrency and Rate Limiting

CODE_BLOCK_22

Optimization for Large Inputs

CODE_BLOCK_23

solución de problemas

Common Issues

  1. Memory Issues CODE_BLOCK_24

  2. Pattern Issues CODE_BLOCK_25

  3. No Output CODE_BLOCK_26

  4. Duplicate Entries CODE_BLOCK_27

Debugging

CODE_BLOCK_28

configuración

configuración File

AlterX uses a configuración file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:

CODE_BLOCK_29

Environment Variables

CODE_BLOCK_30

Reference

comando Line opcións

| | bandera | Descripción | | | --- | --- | | | -d, -domain | objetivo domain(s) to use for wordlist generation | | | | -l, -list | File containing list of domains to use for wordlist generation | | | | -p, -pattern | Pattern(s) to use for wordlist generation | | | | -pf, -pattern-file | File containing patterns to use for wordlist generation | | | | -o, -output | File to write output to | | | | -json | Write output in JSON format | | | | -silent | Show only wordlist entries in output | | | | -v, -verbose | Show verbose output | | | | -extract-words | Extract words from input | | | | -extract-numbers | Extract numbers from input | | | | -extract-chars | Extract characters from input | | | | -min-word-length | Minimum word length | | | | -max-word-length | Maximum word length | | | | -min-number-length | Minimum number length | | | | -max-number-length | Maximum number length | | | | -min-char-length | Minimum character length | | | | -max-char-length | Maximum character length | | | | -c, -concurrency | Number of concurrent workers | | | | -rate-limit | Maximum number of entries per second | | | | -stream | Stream mode for large inputs | | | | -max-entries | Maximum number of entries to generate | | | | -stats | Show statistics | | | | -debug | Show debug information | | | | -version | Show AlterX version | |

Pattern Variables

| | Variable | Descripción | | | --- | --- | | | \\{\\{word\\}\\} | Extracts words from input | | | | \\{\\{number\\}\\} | Extracts numbers from input | | | | \\{\\{char\\}\\} | Extracts characters from input | |

Pattern Modifiers

| | Modifier | Descripción | | | --- | --- | | | :uppercase | Converts to uppercase | | | | :lowercase | Converts to lowercase | | | | :capitalize | Capitalizes first letter | |

Resources

This hoja de trucos provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern uso and integration with other tools. For the most up-to-date information, always refer to the official documentación.