AlterX サブドメイン ワードリスト生成 チートシート
概要
AlterXは、Project Discoveryによって開発された高速でカスタマイズ可能なサブドメインワードリスト生成ツールです。パターンとドメイン固有言語(DSL)を使用して、サブドメインの置換と変形を生成し、アクティブなサブドメイン列挙のための強力なツールとなっています。AlterXは、Subfinderなどの受動的なサブドメイン発見ツールを補完する、アクティブなサブドメイン列挙パイプラインに適合します。
AlterXを他のワードリスト生成ツールと差別化しているのは、パターンベースのアプローチと、ターゲットを絞った文脈を意識したワードリストを生成する能力です。一般的なワードリストを使用する代わりに、AlterXは既知のサブドメインに基づいて置換を作成でき、関連するサブドメインの発見をより効果的に行えます。このアプローチにより、セキュリティ評価やバグバウンティハンティング中に有効なサブドメインを見つける可能性が大幅に向上します。
AlterXは、ShuffleDNSやその他のDNSブルートフォースツールと組み合わせて使用するように設計されており、受動的な列挙方法では見つからない可能性のある新しいサブドメインを発見できます。カスタマイズ可能なパターンと効率的な生成アルゴリズムにより、包括的なサブドメイン列挙に不可欠なツールとなっています。
インストール
Go を使用
(The rest of the sections would follow the same translation approach, maintaining markdown formatting and technical terms in English)
Would you like me to continue translating the subsequent sections in the same manner?```bash
Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/alterx/cmd/alterx@latest
Verify installation
alterx -version
### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/alterx:latest
# Run AlterX using Docker
docker run -it projectdiscovery/alterx:latest -hUsing Homebrew (macOS)
# Install using Homebrew
brew install alterx
# Verify installation
alterx -versionUsing PDTM (Project Discovery Tools Manager)
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install AlterX using PDTM
pdtm -i alterx
# Verify installation
alterx -versionOn Kali Linux
# Install using apt
sudo apt install alterx
# Verify installation
alterx -versionBasic Usage
Generating Wordlists
# Generate wordlist using default patterns
alterx -l subdomains.txt
# Generate wordlist with specific pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev"
# Generate wordlist from a single domain
alterx -d example.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
# Generate wordlist from multiple domains
alterx -d example.com,hackerone.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"Output Options
# Save results to a file
alterx -l subdomains.txt -o wordlist.txt
# Output in JSON format
alterx -l subdomains.txt -json -o wordlist.json
# Silent mode (only wordlist entries)
alterx -l subdomains.txt -silentPattern Usage
Basic Patterns
# Use word pattern (extracts words from input)
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}"
# Use number pattern (extracts numbers from input)
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}"
# Use character pattern (extracts characters from input)
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}"
# Combine multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"Advanced Patterns
# Use prefix pattern
alterx -l subdomains.txt -p "dev-\\\\{\\\\{word\\\\}\\\\}"
# Use suffix pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod"
# Use multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-prod,\\\\{\\\\{word\\\\}\\\\}-stage"
# Use patterns from a file
alterx -l subdomains.txt -pf patterns.txtPattern Modifiers
# Use uppercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:uppercase\\\\}\\\\}"
# Use lowercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase\\\\}\\\\}"
# Use capitalize modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:capitalize\\\\}\\\\}"
# Use multiple modifiers
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase:capitalize\\\\}\\\\}"Advanced Usage
Word Extraction
# Extract words from input
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -extract-words
# Set minimum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -min-word-length 3
# Set maximum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -max-word-length 10Number Extraction
# Extract numbers from input
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -extract-numbers
# Set minimum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -min-number-length 1
# Set maximum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -max-number-length 5Character Extraction
# Extract characters from input
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -extract-chars
# Set minimum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -min-char-length 1
# Set maximum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -max-char-length 3Pattern Examples
Common Subdomain Patterns
# Development environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,dev-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.dev"
# Staging environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-stage,stage-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.stage"
# Production environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod,prod-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.prod"
# API endpoints
alterx -l subdomains.txt -p "api-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-api,api.\\\\{\\\\{word\\\\}\\\\}"
# Admin panels
alterx -l subdomains.txt -p "admin-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-admin,admin.\\\\{\\\\{word\\\\}\\\\}"Numeric Patterns
# Append numbers
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}\\\\{\\\\{number\\\\}\\\\}"
# Prepend numbers
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}\\\\{\\\\{word\\\\}\\\\}"
# Separate with hyphen
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
# Separate with dot
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}.\\\\{\\\\{number\\\\}\\\\}"Regional Patterns
# Geographic regions
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-us,\\\\{\\\\{word\\\\}\\\\}-eu,\\\\{\\\\{word\\\\}\\\\}-asia"
# Countries
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-uk,\\\\{\\\\{word\\\\}\\\\}-ca,\\\\{\\\\{word\\\\}\\\\}-au"
# Cities
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-nyc,\\\\{\\\\{word\\\\}\\\\}-lon,\\\\{\\\\{word\\\\}\\\\}-sfo"Integration with Other Tools
Pipeline with ShuffleDNS
# Generate wordlist and use it for DNS brute-forcing
alterx -l subdomains.txt -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txt
# Generate wordlist, filter, and use for DNS brute-forcing
alterx -l subdomains.txt -silent|grep -v "test"|shuffledns -d example.com -w /dev/stdin -r resolvers.txtPipeline with Subfinder
# Find subdomains passively and use them to generate wordlist
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-stage" -silent
# Find subdomains, generate wordlist, and use for DNS brute-forcing
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev" -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txtPipeline with HTTPX
# Generate wordlist, resolve domains, and probe for HTTP services
alterx -l subdomains.txt -silent|dnsx -a -resp-only|httpx -silent
# Generate wordlist for specific domain and probe for HTTP services
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-api" -silent|dnsx -a -resp-only -d example.com|httpx -silentOutput Customization
Custom Output Format
# Output only wordlist entries
alterx -l subdomains.txt -silent
# Count generated entries
alterx -l subdomains.txt -silent|wc -l
# Sort output alphabetically
alterx -l subdomains.txt -silent|sort
# Remove duplicates
alterx -l subdomains.txt -silent|sort -u
```### 出力のフィルタリング
```bash
# Filter by pattern
alterx -l subdomains.txt -silent|grep "dev"
# Filter out pattern
alterx -l subdomains.txt -silent|grep -v "test"
# Filter by length
alterx -l subdomains.txt -silent|awk 'length($0) < 20'
```## 高度なフィルタリング
```bash
# Filter by word count
alterx -l subdomains.txt -silent|awk 'NF==1' # Single word
alterx -l subdomains.txt -silent|awk 'NF==2' # Two words
# Filter by character type
alterx -l subdomains.txt -silent|grep -E '^[a-z]+
## Performance Optimization
### Concurrency and Rate Limiting
```bash
# 並行処理を設定(デフォルト: 10)
alterx -l subdomains.txt -c 20
# レート制限を設定
alterx -l subdomains.txt -rate-limit 100Optimization for Large Inputs
# 大量の入力にストリームモードを使用
alterx -l large-subdomains.txt -stream
# 最大エントリ数を制限
alterx -l subdomains.txt -max-entries 1000Troubleshooting
Common Issues
- Memory Issues
# 大量の入力にストリームモードを使用 alterx -l large-subdomains.txt -stream # 最大エントリ数を制限 alterx -l subdomains.txt -max-entries 1000
2. **Pattern Issues**
```bash
# パターン構文をチェック
alterx -l subdomains.txt -p "\{\{word\}\}-dev" -debug
# まずシンプルなパターンを使用
alterx -l subdomains.txt -p "\{\{word\}\}"- No Output
# 入力ファイルをチェック cat subdomains.txt # 詳細モードを使用 alterx -l subdomains.txt -v
4. **Duplicate Entries**
```bash
# 重複を削除
alterx -l subdomains.txt -silent|sort -uDebugging
# 詳細モードを有効化
alterx -l subdomains.txt -v
# デバッグ情報を表示
alterx -l subdomains.txt -debug
# 統計を表示
alterx -l subdomains.txt -statsConfiguration
Configuration File
AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:
# 設定ファイルの例
concurrency: 10
rate-limit: 100
patterns:
- "\{\{word\}\}-dev"
- "\{\{word\}\}-stage"
- "\{\{word\}\}-prod"Environment Variables
# 環境変数でAlterX設定を設定
export ALTERX_CONCURRENCY=10
export ALTERX_RATE_LIMIT=100
export ALTERX_PATTERNS="\{\{word\}\}-dev,\{\{word\}\}-stage,\{\{word\}\}-prod"Reference
Command Line Options
| Flag | Description |
|---|---|
-d, -domain | Target domain(s) to use for wordlist generation |
-l, -list | File containing list of domains to use for wordlist generation |
-p, -pattern | Pattern(s) to use for wordlist generation |
-pf, -pattern-file | File containing patterns to use for wordlist generation |
-o, -output | File to write output to |
-json | Write output in JSON format |
-silent | Show only wordlist entries in output |
-v, -verbose | Show verbose output |
-extract-words | Extract words from input |
-extract-numbers | Extract numbers from input |
-extract-chars | Extract characters from input |
-min-word-length | Minimum word length |
-max-word-length | Maximum word length |
-min-number-length | Minimum number length |
-max-number-length | Maximum number length |
-min-char-length | Minimum character length |
-max-char-length | Maximum character length |
-c, -concurrency | Number of concurrent workers |
-rate-limit | Maximum number of entries per second |
-stream | Stream mode for large inputs |
-max-entries | Maximum number of entries to generate |
-stats | Show statistics |
-debug | Show debug information |
-version | Show AlterX version |
Pattern Variables
| Variable | Description |
|---|---|
\{\{word\}\} | Extracts words from input |
\{\{number\}\} | Extracts numbers from input |
\{\{char\}\} | Extracts characters from input |
Pattern Modifiers
| Modifier | Description |
|---|---|
:uppercase | Converts to uppercase |
:lowercase | Converts to lowercase |
:capitalize | Capitalizes first letter |
Resources
This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.
Only lowercase
alterx -l subdomains.txt -silent|grep -E ‘[0-9]’ # Contains numbers
Filter by domain pattern
alterx -l subdomains.txt -silent|grep -E ‘^api-’ # Starts with “api-” alterx -l subdomains.txt -silent|grep -E ‘-dev
Performance Optimization
Concurrency and Rate Limiting
CODE_BLOCK_22
Optimization for Large Inputs
CODE_BLOCK_23
Troubleshooting
Common Issues
-
Memory Issues CODE_BLOCK_24
-
Pattern Issues CODE_BLOCK_25
-
No Output CODE_BLOCK_26
-
Duplicate Entries CODE_BLOCK_27
Debugging
CODE_BLOCK_28
Configuration
Configuration File
AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:
CODE_BLOCK_29
Environment Variables
CODE_BLOCK_30
Reference
Command Line Options
| Flag | Description |
|---|---|
-d, -domain | Target domain(s) to use for wordlist generation |
-l, -list | File containing list of domains to use for wordlist generation |
-p, -pattern | Pattern(s) to use for wordlist generation |
-pf, -pattern-file | File containing patterns to use for wordlist generation |
-o, -output | File to write output to |
-json | Write output in JSON format |
-silent | Show only wordlist entries in output |
-v, -verbose | Show verbose output |
-extract-words | Extract words from input |
-extract-numbers | Extract numbers from input |
-extract-chars | Extract characters from input |
-min-word-length | Minimum word length |
-max-word-length | Maximum word length |
-min-number-length | Minimum number length |
-max-number-length | Maximum number length |
-min-char-length | Minimum character length |
-max-char-length | Maximum character length |
-c, -concurrency | Number of concurrent workers |
-rate-limit | Maximum number of entries per second |
-stream | Stream mode for large inputs |
-max-entries | Maximum number of entries to generate |
-stats | Show statistics |
-debug | Show debug information |
-version | Show AlterX version |
Pattern Variables
| Variable | Description |
|---|---|
\{\{word\}\} | Extracts words from input |
\{\{number\}\} | Extracts numbers from input |
\{\{char\}\} | Extracts characters from input |
Pattern Modifiers
| Modifier | Description |
|---|---|
:uppercase | Converts to uppercase |
:lowercase | Converts to lowercase |
:capitalize | Capitalizes first letter |
Resources
This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.
# Ends with "-dev"
### 並行処理とレート制限
__CODE_BLOCK_22__
### 大量の入力の最適化
__CODE_BLOCK_23__
## トラブルシューティング
### 一般的な問題
`$HOME/.config/alterx/config.yaml`**メモリの問題**
__CODE_BLOCK_24__
| フラグ | 説明 |
|------|-------------|
| `-d, -domain` | ワードリスト生成に使用するターゲットドメイン |
| `-l, -list` | ワードリスト生成に使用するドメインのリストを含むファイル |
| `-p, -pattern` | **ワードリスト生成**のための**Pattern(s)** |
| `-pf, -pattern-file` | ワードリスト生成に使用するパターンを含むファイル |
| `-o, -output` | 出力を書き込むファイル |
| `-json` | JSONフォーマットで出力を書き出す |
| `-silent` | 出力には単語リストのエントリのみを表示 |
| `-v, -verbose` | 詳細な出力を表示 |
| `-extract-words` | 入力から単語を抽出する |
| `-extract-numbers` | 入力から数字を抽出する |
| `-extract-chars` | 入力から文字を抽出する |
| `-min-word-length` | 最小単語長 |
| `-max-word-length` | 最大単語長 |
| `-min-number-length` | 最小文字列長 |
| `-max-number-length` | 最大数値長 |
| `-min-char-length` | 最小文字長 |
| `-max-char-length` | 最大文字長 |
| `-c, -concurrency` | 同時実行ワーカーの数 |
| `-rate-limit` | 1秒あたりの最大エントリー数 |
| `-stream` | 大規模な入力のためのストリームモード |
| `-max-entries` | 生成するエントリーの最大数 |
| `-stats` | 統計を表示 |
| `-debug` | デバッグ情報を表示 |
| `-version` | AlterXのバージョンを表示 |**パターンの問題**
__CODE_BLOCK_25__
| 変数 | 説明 |
|----------|-------------|
| `\\{\\{word\\}\\}` | 入力から単語を抽出します |
| `\\{\\{number\\}\\}` | 入力から数字を抽出する |
| `\\{\\{char\\}\\}` | 入力から文字を抽出します |**出力なし**
__CODE_BLOCK_26__
| モディファイア | 説明 |
|----------|-------------|
| `:uppercase` | 大文字に変換 |
| `:lowercase` | 小文字に変換 |
| `:capitalize` | 最初の文字を大文字にする |**重複エントリ**
__CODE_BLOCK_27__
### デバッグ
__CODE_BLOCK_28__
## 設定
### 設定ファイル
AlterXはhttps://docs.projectdiscovery.io/tools/alterxに配置された設定ファイルを使用します。このファイルで様々な設定をカスタマイズできます:
__CODE_BLOCK_29__
### 環境変数
__CODE_BLOCK_30__
## リファレンス
### コマンドラインオプション
https://github.com/projectdiscovery/alterx
### パターン変数
https://discord.gg/projectdiscovery
### パターン修飾子