Hoja de Referencia Rápida del Generador de Listas de Palabras de Subdominio AlterX¶
Descripción General¶
AlterX es un generador de listas de palabras de subdominio rápido y personalizable desarrollado por Project Discovery. Utiliza patrones y lenguaje específico de dominio (DSL) para generar permutaciones y alteraciones de subdominios, convirtiéndolo en una herramienta poderosa para enumeración activa de subdominios. AlterX se integra en el pipeline de enumeración activa de subdominios, complementando herramientas de descubrimiento pasivo de subdominios como Subfinder.
Lo que distingue a AlterX de otros generadores de listas de palabras es su enfoque basado en patrones y su capacidad para generar listas de palabras dirigidas y conscientes del contexto. En lugar de usar listas de palabras genéricas, AlterX puede crear permutaciones basadas en subdominios conocidos, permitiendo un descubrimiento más efectivo de subdominios relacionados. Este enfoque aumenta significativamente las posibilidades de encontrar subdominios válidos durante evaluaciones de seguridad y búsqueda de recompensas por errores.
AlterX está diseñado para usarse en combinación con herramientas como ShuffleDNS u otras herramientas de fuerza bruta de DNS para descubrir nuevos subdominios que podrían no encontrarse mediante métodos de enumeración pasiva. Sus patrones personalizables y su algoritmo de generación eficiente lo convierten en una herramienta esencial para una enumeración de subdominios completa.
Instalación¶
Usando Go¶
Would you like me to continue with the remaining sections?```bash
Install using Go (requires Go 1.20 or later)¶
go install -v github.com/projectdiscovery/alterx/cmd/alterx@latest
Verify installation¶
alterx -version
### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/alterx:latest
# Run AlterX using Docker
docker run -it projectdiscovery/alterx:latest -h
Using Homebrew (macOS)¶
Using PDTM (Project Discovery Tools Manager)¶
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install AlterX using PDTM
pdtm -i alterx
# Verify installation
alterx -version
On Kali Linux¶
Basic Usage¶
Generating Wordlists¶
# Generate wordlist using default patterns
alterx -l subdomains.txt
# Generate wordlist with specific pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev"
# Generate wordlist from a single domain
alterx -d example.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
# Generate wordlist from multiple domains
alterx -d example.com,hackerone.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
Output Options¶
# Save results to a file
alterx -l subdomains.txt -o wordlist.txt
# Output in JSON format
alterx -l subdomains.txt -json -o wordlist.json
# Silent mode (only wordlist entries)
alterx -l subdomains.txt -silent
Pattern Usage¶
Basic Patterns¶
# Use word pattern (extracts words from input)
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}"
# Use number pattern (extracts numbers from input)
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}"
# Use character pattern (extracts characters from input)
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}"
# Combine multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
Advanced Patterns¶
# Use prefix pattern
alterx -l subdomains.txt -p "dev-\\\\{\\\\{word\\\\}\\\\}"
# Use suffix pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod"
# Use multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-prod,\\\\{\\\\{word\\\\}\\\\}-stage"
# Use patterns from a file
alterx -l subdomains.txt -pf patterns.txt
Pattern Modifiers¶
# Use uppercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:uppercase\\\\}\\\\}"
# Use lowercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase\\\\}\\\\}"
# Use capitalize modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:capitalize\\\\}\\\\}"
# Use multiple modifiers
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase:capitalize\\\\}\\\\}"
Advanced Usage¶
Word Extraction¶
# Extract words from input
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -extract-words
# Set minimum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -min-word-length 3
# Set maximum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -max-word-length 10
Number Extraction¶
# Extract numbers from input
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -extract-numbers
# Set minimum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -min-number-length 1
# Set maximum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -max-number-length 5
Character Extraction¶
# Extract characters from input
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -extract-chars
# Set minimum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -min-char-length 1
# Set maximum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -max-char-length 3
Pattern Examples¶
Common Subdomain Patterns¶
# Development environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,dev-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.dev"
# Staging environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-stage,stage-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.stage"
# Production environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod,prod-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.prod"
# API endpoints
alterx -l subdomains.txt -p "api-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-api,api.\\\\{\\\\{word\\\\}\\\\}"
# Admin panels
alterx -l subdomains.txt -p "admin-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-admin,admin.\\\\{\\\\{word\\\\}\\\\}"
Numeric Patterns¶
# Append numbers
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}\\\\{\\\\{number\\\\}\\\\}"
# Prepend numbers
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}\\\\{\\\\{word\\\\}\\\\}"
# Separate with hyphen
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
# Separate with dot
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}.\\\\{\\\\{number\\\\}\\\\}"
Regional Patterns¶
# Geographic regions
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-us,\\\\{\\\\{word\\\\}\\\\}-eu,\\\\{\\\\{word\\\\}\\\\}-asia"
# Countries
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-uk,\\\\{\\\\{word\\\\}\\\\}-ca,\\\\{\\\\{word\\\\}\\\\}-au"
# Cities
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-nyc,\\\\{\\\\{word\\\\}\\\\}-lon,\\\\{\\\\{word\\\\}\\\\}-sfo"
Integration with Other Tools¶
Pipeline with ShuffleDNS¶
# Generate wordlist and use it for DNS brute-forcing
alterx -l subdomains.txt -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txt
# Generate wordlist, filter, and use for DNS brute-forcing
alterx -l subdomains.txt -silent|grep -v "test"|shuffledns -d example.com -w /dev/stdin -r resolvers.txt
Pipeline with Subfinder¶
# Find subdomains passively and use them to generate wordlist
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-stage" -silent
# Find subdomains, generate wordlist, and use for DNS brute-forcing
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev" -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txt
Pipeline with HTTPX¶
# Generate wordlist, resolve domains, and probe for HTTP services
alterx -l subdomains.txt -silent|dnsx -a -resp-only|httpx -silent
# Generate wordlist for specific domain and probe for HTTP services
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-api" -silent|dnsx -a -resp-only -d example.com|httpx -silent
Output Customization¶
Custom Output Format¶
# Output only wordlist entries
alterx -l subdomains.txt -silent
# Count generated entries
alterx -l subdomains.txt -silent|wc -l
# Sort output alphabetically
alterx -l subdomains.txt -silent|sort
# Remove duplicates
alterx -l subdomains.txt -silent|sort -u
```### Filtrado de Salida
```bash
# Filter by pattern
alterx -l subdomains.txt -silent|grep "dev"
# Filter out pattern
alterx -l subdomains.txt -silent|grep -v "test"
# Filter by length
alterx -l subdomains.txt -silent|awk 'length($0) < 20'
```## Filtrado Avanzado
```bash
# Filter by word count
alterx -l subdomains.txt -silent|awk 'NF==1' # Single word
alterx -l subdomains.txt -silent|awk 'NF==2' # Two words
# Filter by character type
alterx -l subdomains.txt -silent|grep -E '^[a-z]+
## Performance Optimization
### Concurrency and Rate Limiting
```bash
# Establecer concurrencia (por defecto: 10)
alterx -l subdomains.txt -c 20
# Establecer límite de tasa
alterx -l subdomains.txt -rate-limit 100
Optimization for Large Inputs¶
# Usar modo de transmisión para entradas grandes
alterx -l large-subdomains.txt -stream
# Limitar entradas máximas
alterx -l subdomains.txt -max-entries 1000
Troubleshooting¶
Common Issues¶
- Memory Issues ```bash # Usar modo de transmisión para entradas grandes alterx -l large-subdomains.txt -stream
# Limitar entradas máximas alterx -l subdomains.txt -max-entries 1000 ```
- Pattern Issues ```bash # Verificar sintaxis de patrón alterx -l subdomains.txt -p "{{word}}-dev" -debug
# Usar patrones simples primero alterx -l subdomains.txt -p "{{word}}" ```
- No Output ```bash # Verificar archivo de entrada cat subdomains.txt
# Usar modo detallado alterx -l subdomains.txt -v ```
- Duplicate Entries
bash # Eliminar duplicados alterx -l subdomains.txt -silent|sort -u
Debugging¶
# Habilitar modo detallado
alterx -l subdomains.txt -v
# Mostrar información de depuración
alterx -l subdomains.txt -debug
# Mostrar estadísticas
alterx -l subdomains.txt -stats
Configuration¶
Configuration File¶
AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:
# Archivo de configuración de ejemplo
concurrency: 10
rate-limit: 100
patterns:
- "\{\{word\}\}-dev"
- "\{\{word\}\}-stage"
- "\{\{word\}\}-prod"
Environment Variables¶
# Configurar AlterX mediante variables de entorno
export ALTERX_CONCURRENCY=10
export ALTERX_RATE_LIMIT=100
export ALTERX_PATTERNS="\{\{word\}\}-dev,\{\{word\}\}-stage,\{\{word\}\}-prod"
Reference¶
Command Line Options¶
| Flag | Description |
|---|---|
-d, -domain |
Target domain(s) to use for wordlist generation |
-l, -list |
File containing list of domains to use for wordlist generation |
-p, -pattern |
Pattern(s) to use for wordlist generation |
-pf, -pattern-file |
File containing patterns to use for wordlist generation |
-o, -output |
File to write output to |
-json |
Write output in JSON format |
-silent |
Show only wordlist entries in output |
-v, -verbose |
Show verbose output |
-extract-words |
Extract words from input |
-extract-numbers |
Extract numbers from input |
-extract-chars |
Extract characters from input |
-min-word-length |
Minimum word length |
-max-word-length |
Maximum word length |
-min-number-length |
Minimum number length |
-max-number-length |
Maximum number length |
-min-char-length |
Minimum character length |
-max-char-length |
Maximum character length |
-c, -concurrency |
Number of concurrent workers |
-rate-limit |
Maximum number of entries per second |
-stream |
Stream mode for large inputs |
-max-entries |
Maximum number of entries to generate |
-stats |
Show statistics |
-debug |
Show debug information |
-version |
Show AlterX version |
Pattern Variables¶
| Variable | Description |
|---|---|
\{\{word\}\} |
Extracts words from input |
\{\{number\}\} |
Extracts numbers from input |
\{\{char\}\} |
Extracts characters from input |
Pattern Modifiers¶
| Modifier | Description |
|---|---|
:uppercase |
Converts to uppercase |
:lowercase |
Converts to lowercase |
:capitalize |
Capitalizes first letter |
Resources¶
This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.
# Only lowercase alterx -l subdomains.txt -silent|grep -E '[0-9]' # Contains numbers
Filter by domain pattern¶
alterx -l subdomains.txt -silent|grep -E '^api-' # Starts with "api-" alterx -l subdomains.txt -silent|grep -E '-dev
Performance Optimization¶
Concurrency and Rate Limiting¶
CODE_BLOCK_22
Optimization for Large Inputs¶
CODE_BLOCK_23
Troubleshooting¶
Common Issues¶
-
Memory Issues CODE_BLOCK_24
-
Pattern Issues CODE_BLOCK_25
-
No Output CODE_BLOCK_26
-
Duplicate Entries CODE_BLOCK_27
Debugging¶
CODE_BLOCK_28
Configuration¶
Configuration File¶
AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:
CODE_BLOCK_29
Environment Variables¶
CODE_BLOCK_30
Reference¶
Command Line Options¶
| Flag | Description |
|---|---|
-d, -domain |
Target domain(s) to use for wordlist generation |
-l, -list |
File containing list of domains to use for wordlist generation |
-p, -pattern |
Pattern(s) to use for wordlist generation |
-pf, -pattern-file |
File containing patterns to use for wordlist generation |
-o, -output |
File to write output to |
-json |
Write output in JSON format |
-silent |
Show only wordlist entries in output |
-v, -verbose |
Show verbose output |
-extract-words |
Extract words from input |
-extract-numbers |
Extract numbers from input |
-extract-chars |
Extract characters from input |
-min-word-length |
Minimum word length |
-max-word-length |
Maximum word length |
-min-number-length |
Minimum number length |
-max-number-length |
Maximum number length |
-min-char-length |
Minimum character length |
-max-char-length |
Maximum character length |
-c, -concurrency |
Number of concurrent workers |
-rate-limit |
Maximum number of entries per second |
-stream |
Stream mode for large inputs |
-max-entries |
Maximum number of entries to generate |
-stats |
Show statistics |
-debug |
Show debug information |
-version |
Show AlterX version |
Pattern Variables¶
| Variable | Description |
|---|---|
\{\{word\}\} |
Extracts words from input |
\{\{number\}\} |
Extracts numbers from input |
\{\{char\}\} |
Extracts characters from input |
Pattern Modifiers¶
| Modifier | Description |
|---|---|
:uppercase |
Converts to uppercase |
:lowercase |
Converts to lowercase |
:capitalize |
Capitalizes first letter |
Resources¶
This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.
# Ends with "-dev"
```## Optimización de Rendimiento
Concurrencia y Límite de Tasa¶
CODE_BLOCK_22
Optimización para Entradas Grandes¶
CODE_BLOCK_23
Resolución de Problemas¶
Problemas Comunes¶
$HOME/.config/alterx/config.yamlProblemas de Memoria
CODE_BLOCK_24
| Bandera | Descripción |
|---|---|
-d, -domain |
Dominio(s) objetivo para generar lista de palabras |
-l, -list |
Archivo que contiene lista de dominios para usar en la generación de lista de palabras |
-p, -pattern |
Patrón(es) a usar para la generación de listas de palabras |
-pf, -pattern-file |
Archivo que contiene patrones para usar en la generación de listas de palabras |
-o, -output |
Archivo para escribir la salida |
-json |
Escribir la salida en formato JSON |
-silent |
Mostrar solo entradas de lista de palabras en la salida |
-v, -verbose |
Mostrar salida detallada |
-extract-words |
Extraer palabras de entrada |
-extract-numbers |
Extraer números de entrada |
-extract-chars |
Extraer caracteres de entrada |
-min-word-length |
Longitud mínima de palabra |
-max-word-length |
Longitud máxima de palabra |
-min-number-length |
Longitud mínima de número |
-max-number-length |
Longitud máxima de número |
-min-char-length |
Longitud mínima de caracteres |
-max-char-length |
Longitud máxima de caracteres |
-c, -concurrency |
Número de workers concurrentes |
-rate-limit |
Número máximo de entradas por segundo |
-stream |
Modo stream para entradas grandes |
-max-entries |
Número máximo de entradas a generar |
-stats |
Mostrar estadísticas |
-debug |
Mostrar información de depuración |
-version |
Mostrar versión de AlterX |
| CODE_BLOCK_25 |
| Variable | Descripción |
|---|---|
\\{\\{word\\}\\} |
Extrae palabras de la entrada |
\\{\\{number\\}\\} |
Extrae números de la entrada |
\\{\\{char\\}\\} |
Extrae caracteres de la entrada |
| CODE_BLOCK_26 |
| Modificador | Descripción |
|---|---|
:uppercase |
Convierte a mayúsculas |
:lowercase |
Convierte a minúsculas |
:capitalize |
Pone en mayúscula la primera letra |
| CODE_BLOCK_27 |
Depuración¶
CODE_BLOCK_28
Configuración¶
Archivo de Configuración¶
AlterX usa un archivo de configuración ubicado en https://docs.projectdiscovery.io/tools/alterx. Puedes personalizar varias configuraciones en este archivo:
CODE_BLOCK_29
Variables de Entorno¶
CODE_BLOCK_30
Referencia¶
Opciones de Línea de Comandos¶
https://github.com/projectdiscovery/alterx
Variables de Patrón¶
https://discord.gg/projectdiscovery