Générateur de Liste de Sous-Domaines AlterX - Aide-Mémoire

Aperçu

AlterX est un générateur de liste de sous-domaines rapide et personnalisable développé par Project Discovery. Il utilise des modèles et un langage spécifique au domaine (DSL) pour générer des permutations et des variations de sous-domaines, ce qui en fait un outil puissant pour l’énumération active de sous-domaines. AlterX s’intègre dans le pipeline d’énumération active de sous-domaines, complétant les outils de découverte passive de sous-domaines comme Subfinder.

Ce qui distingue AlterX des autres générateurs de listes de mots, c’est son approche basée sur des modèles et sa capacité à générer des listes de mots ciblées et contextuelles. Au lieu d’utiliser des listes de mots génériques, AlterX peut créer des permutations basées sur des sous-domaines connus, permettant une découverte plus efficace des sous-domaines associés. Cette approche augmente considérablement les chances de trouver des sous-domaines valides lors d’évaluations de sécurité et de chasses aux bugs.

AlterX est conçu pour être utilisé en combinaison avec des outils comme ShuffleDNS ou d’autres outils de force brute DNS pour découvrir de nouveaux sous-domaines qui pourraient ne pas être trouvés par des méthodes d’énumération passive. Ses modèles personnalisables et son algorithme de génération efficace en font un outil essentiel pour une énumération complète de sous-domaines.

Installation

Utilisation de Go

Would you like me to continue with the remaining sections?```bash

Install using Go (requires Go 1.20 or later)

go install -v github.com/projectdiscovery/alterx/cmd/alterx@latest

Verify installation

alterx -version

### Using Docker

```bash
# Pull the latest Docker image
docker pull projectdiscovery/alterx:latest

# Run AlterX using Docker
docker run -it projectdiscovery/alterx:latest -h

Using Homebrew (macOS)

# Install using Homebrew
brew install alterx

# Verify installation
alterx -version

Using PDTM (Project Discovery Tools Manager)

# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

# Install AlterX using PDTM
pdtm -i alterx

# Verify installation
alterx -version

On Kali Linux

# Install using apt
sudo apt install alterx

# Verify installation
alterx -version

Basic Usage

Generating Wordlists

# Generate wordlist using default patterns
alterx -l subdomains.txt

# Generate wordlist with specific pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev"

# Generate wordlist from a single domain
alterx -d example.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

# Generate wordlist from multiple domains
alterx -d example.com,hackerone.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

Output Options

# Save results to a file
alterx -l subdomains.txt -o wordlist.txt

# Output in JSON format
alterx -l subdomains.txt -json -o wordlist.json

# Silent mode (only wordlist entries)
alterx -l subdomains.txt -silent

Pattern Usage

Basic Patterns

# Use word pattern (extracts words from input)
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}"

# Use number pattern (extracts numbers from input)
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}"

# Use character pattern (extracts characters from input)
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}"

# Combine multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

Advanced Patterns

# Use prefix pattern
alterx -l subdomains.txt -p "dev-\\\\{\\\\{word\\\\}\\\\}"

# Use suffix pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod"

# Use multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-prod,\\\\{\\\\{word\\\\}\\\\}-stage"

# Use patterns from a file
alterx -l subdomains.txt -pf patterns.txt

Pattern Modifiers

# Use uppercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:uppercase\\\\}\\\\}"

# Use lowercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase\\\\}\\\\}"

# Use capitalize modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:capitalize\\\\}\\\\}"

# Use multiple modifiers
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase:capitalize\\\\}\\\\}"

Advanced Usage

Word Extraction

# Extract words from input
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -extract-words

# Set minimum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -min-word-length 3

# Set maximum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -max-word-length 10

Number Extraction

# Extract numbers from input
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -extract-numbers

# Set minimum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -min-number-length 1

# Set maximum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -max-number-length 5

Character Extraction

# Extract characters from input
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -extract-chars

# Set minimum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -min-char-length 1

# Set maximum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -max-char-length 3

Pattern Examples

Common Subdomain Patterns

# Development environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,dev-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.dev"

# Staging environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-stage,stage-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.stage"

# Production environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod,prod-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.prod"

# API endpoints
alterx -l subdomains.txt -p "api-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-api,api.\\\\{\\\\{word\\\\}\\\\}"

# Admin panels
alterx -l subdomains.txt -p "admin-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-admin,admin.\\\\{\\\\{word\\\\}\\\\}"

Numeric Patterns

# Append numbers
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}\\\\{\\\\{number\\\\}\\\\}"

# Prepend numbers
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}\\\\{\\\\{word\\\\}\\\\}"

# Separate with hyphen
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"

# Separate with dot
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}.\\\\{\\\\{number\\\\}\\\\}"

Regional Patterns

# Geographic regions
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-us,\\\\{\\\\{word\\\\}\\\\}-eu,\\\\{\\\\{word\\\\}\\\\}-asia"

# Countries
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-uk,\\\\{\\\\{word\\\\}\\\\}-ca,\\\\{\\\\{word\\\\}\\\\}-au"

# Cities
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-nyc,\\\\{\\\\{word\\\\}\\\\}-lon,\\\\{\\\\{word\\\\}\\\\}-sfo"

Integration with Other Tools

Pipeline with ShuffleDNS

# Generate wordlist and use it for DNS brute-forcing
alterx -l subdomains.txt -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txt

# Generate wordlist, filter, and use for DNS brute-forcing
alterx -l subdomains.txt -silent|grep -v "test"|shuffledns -d example.com -w /dev/stdin -r resolvers.txt

Pipeline with Subfinder

# Find subdomains passively and use them to generate wordlist
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-stage" -silent

# Find subdomains, generate wordlist, and use for DNS brute-forcing
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev" -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txt

Pipeline with HTTPX

# Generate wordlist, resolve domains, and probe for HTTP services
alterx -l subdomains.txt -silent|dnsx -a -resp-only|httpx -silent

# Generate wordlist for specific domain and probe for HTTP services
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-api" -silent|dnsx -a -resp-only -d example.com|httpx -silent

Output Customization

Custom Output Format

# Output only wordlist entries
alterx -l subdomains.txt -silent

# Count generated entries
alterx -l subdomains.txt -silent|wc -l

# Sort output alphabetically
alterx -l subdomains.txt -silent|sort

# Remove duplicates
alterx -l subdomains.txt -silent|sort -u
```### Filtrage de la sortie
```bash
# Filter by pattern
alterx -l subdomains.txt -silent|grep "dev"

# Filter out pattern
alterx -l subdomains.txt -silent|grep -v "test"

# Filter by length
alterx -l subdomains.txt -silent|awk 'length($0) < 20'
```## Filtrage avancé
```bash
# Filter by word count
alterx -l subdomains.txt -silent|awk 'NF==1'  # Single word
alterx -l subdomains.txt -silent|awk 'NF==2'  # Two words

# Filter by character type
alterx -l subdomains.txt -silent|grep -E '^[a-z]+

## Performance Optimization

### Concurrency and Rate Limiting

```bash
# Définir la concurrence (par défaut : 10)
alterx -l subdomains.txt -c 20

# Définir la limite de débit
alterx -l subdomains.txt -rate-limit 100

Optimization for Large Inputs

# Utiliser le mode flux pour les grandes entrées
alterx -l large-subdomains.txt -stream

# Limiter le nombre maximum d'entrées
alterx -l subdomains.txt -max-entries 1000

Troubleshooting

Common Issues

1. Memory Issues

   # Utiliser le mode flux pour les grandes entrées
   alterx -l large-subdomains.txt -stream
   
   # Limiter le nombre maximum d'entrées
   alterx -l subdomains.txt -max-entries 1000

2. **Pattern Issues**
   ```bash
   # Vérifier la syntaxe du motif
   alterx -l subdomains.txt -p "\{\{word\}\}-dev" -debug

   # Utiliser d'abord des motifs simples
   alterx -l subdomains.txt -p "\{\{word\}\}"

3. No Output

   # Vérifier le fichier d'entrée
   cat subdomains.txt
   
   # Utiliser le mode verbose
   alterx -l subdomains.txt -v

4. **Duplicate Entries**
   ```bash
   # Supprimer les doublons
   alterx -l subdomains.txt -silent|sort -u

Debugging

# Activer le mode verbose
alterx -l subdomains.txt -v

# Afficher les informations de débogage
alterx -l subdomains.txt -debug

# Afficher les statistiques
alterx -l subdomains.txt -stats

Configuration

Configuration File

AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:

# Exemple de fichier de configuration
concurrency: 10
rate-limit: 100
patterns:
  - "\{\{word\}\}-dev"
  - "\{\{word\}\}-stage"
  - "\{\{word\}\}-prod"

Environment Variables

# Configurer AlterX via des variables d'environnement
export ALTERX_CONCURRENCY=10
export ALTERX_RATE_LIMIT=100
export ALTERX_PATTERNS="\{\{word\}\}-dev,\{\{word\}\}-stage,\{\{word\}\}-prod"

Reference

Command Line Options

Flag	Description
-d, -domain	Target domain(s) to use for wordlist generation
-l, -list	File containing list of domains to use for wordlist generation
-p, -pattern	Pattern(s) to use for wordlist generation
-pf, -pattern-file	File containing patterns to use for wordlist generation
-o, -output	File to write output to
-json	Write output in JSON format
-silent	Show only wordlist entries in output
-v, -verbose	Show verbose output
-extract-words	Extract words from input
-extract-numbers	Extract numbers from input
-extract-chars	Extract characters from input
-min-word-length	Minimum word length
-max-word-length	Maximum word length
-min-number-length	Minimum number length
-max-number-length	Maximum number length
-min-char-length	Minimum character length
-max-char-length	Maximum character length
-c, -concurrency	Number of concurrent workers
-rate-limit	Maximum number of entries per second
-stream	Stream mode for large inputs
-max-entries	Maximum number of entries to generate
-stats	Show statistics
-debug	Show debug information
-version	Show AlterX version

Pattern Variables

Variable	Description
\{\{word\}\}	Extracts words from input
\{\{number\}\}	Extracts numbers from input
\{\{char\}\}	Extracts characters from input

Pattern Modifiers

Modifier	Description
:uppercase	Converts to uppercase
:lowercase	Converts to lowercase
:capitalize	Capitalizes first letter

Resources

• Official Documentation
• GitHub Repository
• Project Discovery Discord

---

This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.

Only lowercase

alterx -l subdomains.txt -silent|grep -E ‘[0-9]’ # Contains numbers

Filter by domain pattern

alterx -l subdomains.txt -silent|grep -E ‘^api-’ # Starts with “api-” alterx -l subdomains.txt -silent|grep -E ‘-dev

Performance Optimization

Concurrency and Rate Limiting

CODE_BLOCK_22

Optimization for Large Inputs

CODE_BLOCK_23

Troubleshooting

Common Issues

1. Memory Issues CODE_BLOCK_24

2. Pattern Issues CODE_BLOCK_25

3. No Output CODE_BLOCK_26

4. Duplicate Entries CODE_BLOCK_27

Debugging

CODE_BLOCK_28

Configuration

Configuration File

AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:

CODE_BLOCK_29

Environment Variables

CODE_BLOCK_30

Reference

Command Line Options

Flag	Description
-d, -domain	Target domain(s) to use for wordlist generation
-l, -list	File containing list of domains to use for wordlist generation
-p, -pattern	Pattern(s) to use for wordlist generation
-pf, -pattern-file	File containing patterns to use for wordlist generation
-o, -output	File to write output to
-json	Write output in JSON format
-silent	Show only wordlist entries in output
-v, -verbose	Show verbose output
-extract-words	Extract words from input
-extract-numbers	Extract numbers from input
-extract-chars	Extract characters from input
-min-word-length	Minimum word length
-max-word-length	Maximum word length
-min-number-length	Minimum number length
-max-number-length	Maximum number length
-min-char-length	Minimum character length
-max-char-length	Maximum character length
-c, -concurrency	Number of concurrent workers
-rate-limit	Maximum number of entries per second
-stream	Stream mode for large inputs
-max-entries	Maximum number of entries to generate
-stats	Show statistics
-debug	Show debug information
-version	Show AlterX version

Pattern Variables

Variable	Description
\{\{word\}\}	Extracts words from input
\{\{number\}\}	Extracts numbers from input
\{\{char\}\}	Extracts characters from input

Pattern Modifiers

Modifier	Description
:uppercase	Converts to uppercase
:lowercase	Converts to lowercase
:capitalize	Capitalizes first letter

Resources

• Official Documentation
• GitHub Repository
• Project Discovery Discord

---

This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.

 # Ends with "-dev"

### Concurrence et limitation de débit

__CODE_BLOCK_22__

### Optimisation pour les grandes entrées

__CODE_BLOCK_23__

## Dépannage

### Problèmes courants
`$HOME/.config/alterx/config.yaml`**Problèmes de mémoire**
   __CODE_BLOCK_24__

| Drapeau | Description |
|------|-------------|
| `-d, -domain` | Domaine(s) cible(s) à utiliser pour la génération de liste de mots |
| `-l, -list` | Fichier contenant la liste des domaines à utiliser pour la génération de la liste de mots |
| `-p, -pattern` | Modèle(s) à utiliser pour la génération de liste de mots |
| `-pf, -pattern-file` | Fichier contenant des modèles à utiliser pour la génération de liste de mots |
| `-o, -output` | Fichier à écrire en sortie |
| `-json` | Écrire la sortie au format JSON |
| `-silent` | Afficher uniquement les entrées de la liste de mots dans la sortie |
| `-v, -verbose` | Afficher la sortie détaillée |
| `-extract-words` | Extraire des mots de l'entrée |
| `-extract-numbers` | Extraire les nombres de l'entrée |
| `-extract-chars` | Extraire des caractères à partir de l'entrée |
| `-min-word-length` | Longueur minimale de mot |
| `-max-word-length` | Longueur maximale des mots |
| `-min-number-length` | Longueur minimale du nombre |
| `-max-number-length` | Longueur maximale du nombre |
| `-min-char-length` | Longueur minimale de caractères |
| `-max-char-length` | Longueur maximale de caractères |
| `-c, -concurrency` | Nombre de workers concurrents |
| `-rate-limit` | Nombre maximum d'entrées par seconde |
| `-stream` | Mode stream pour grandes entrées |
| `-max-entries` | Nombre maximum d'entrées à générer |
| `-stats` | Afficher les statistiques |
| `-debug` | Afficher les informations de débogage |
| `-version` | Afficher la version d'AlterX |**Problèmes de motif**
   __CODE_BLOCK_25__

| Variable | Description |
|----------|-------------|
| `\\{\\{word\\}\\}` | Extrait des mots de l'entrée |
| `\\{\\{number\\}\\}` | Extrait les nombres de l'entrée |
| `\\{\\{char\\}\\}` | Extrait des caractères de l'entrée |**Aucune sortie**
   __CODE_BLOCK_26__

| Modifier | Description |
|----------|-------------|
| `:uppercase` | Convertit en majuscules |
| `:lowercase` | Convertit en minuscules |
| `:capitalize` | Mets en majuscule la première lettre |**Entrées en double**
   __CODE_BLOCK_27__

### Débogage

__CODE_BLOCK_28__

## Configuration

### Fichier de configuration

AlterX utilise un fichier de configuration situé à https://docs.projectdiscovery.io/tools/alterx. Vous pouvez personnaliser divers paramètres dans ce fichier :

__CODE_BLOCK_29__

### Variables d'environnement

__CODE_BLOCK_30__

## Référence

### Options de ligne de commande
https://github.com/projectdiscovery/alterx
### Variables de motif
https://discord.gg/projectdiscovery
### Modificateurs de motif