AlterX 서브도메인 워드리스트 생성기 치트 시트
개요
AlterX는 Project Discovery에서 개발한 빠르고 맞춤형 서브도메인 워드리스트 생성기입니다. 이는 패턴과 도메인 특화 언어(DSL)를 사용하여 서브도메인의 순열과 변형을 생성하여, 활성 서브도메인 열거에 강력한 도구입니다. AlterX는 Subfinder와 같은 수동적 서브도메인 발견 도구를 보완하는 활성 서브도메인 열거 파이프라인에 적합합니다.
AlterX를 다른 워드리스트 생성기와 차별화하는 점은 패턴 기반 접근 방식과 대상 지향적이고 컨텍스트 인식 워드리스트를 생성하는 능력입니다. 일반적인 워드리스트를 사용하는 대신, AlterX는 알려진 서브도메인을 기반으로 순열을 생성하여 관련 서브도메인을 더 효과적으로 발견할 수 있습니다. 이 접근 방식은 보안 평가 및 버그 바운티 헌팅 중 유효한 서브도메인을 찾을 가능성을 크게 높입니다.
AlterX는 ShuffleDNS 또는 다른 DNS 브루트포싱 도구와 결합하여 수동적 열거 방법으로는 발견할 수 없는 새로운 서브도메인을 발견하도록 설계되었습니다. 맞춤형 패턴과 효율적인 생성 알고리즘으로 포괄적인 서브도메인 열거에 필수적인 도구입니다.
설치
Go 사용
Would you like me to continue with the remaining sections? I can translate them in the same detailed manner.```bash
Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/alterx/cmd/alterx@latest
Verify installation
alterx -version
### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/alterx:latest
# Run AlterX using Docker
docker run -it projectdiscovery/alterx:latest -hUsing Homebrew (macOS)
# Install using Homebrew
brew install alterx
# Verify installation
alterx -versionUsing PDTM (Project Discovery Tools Manager)
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install AlterX using PDTM
pdtm -i alterx
# Verify installation
alterx -versionOn Kali Linux
# Install using apt
sudo apt install alterx
# Verify installation
alterx -versionBasic Usage
Generating Wordlists
# Generate wordlist using default patterns
alterx -l subdomains.txt
# Generate wordlist with specific pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev"
# Generate wordlist from a single domain
alterx -d example.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
# Generate wordlist from multiple domains
alterx -d example.com,hackerone.com -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"Output Options
# Save results to a file
alterx -l subdomains.txt -o wordlist.txt
# Output in JSON format
alterx -l subdomains.txt -json -o wordlist.json
# Silent mode (only wordlist entries)
alterx -l subdomains.txt -silentPattern Usage
Basic Patterns
# Use word pattern (extracts words from input)
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}"
# Use number pattern (extracts numbers from input)
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}"
# Use character pattern (extracts characters from input)
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}"
# Combine multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"Advanced Patterns
# Use prefix pattern
alterx -l subdomains.txt -p "dev-\\\\{\\\\{word\\\\}\\\\}"
# Use suffix pattern
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod"
# Use multiple patterns
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-prod,\\\\{\\\\{word\\\\}\\\\}-stage"
# Use patterns from a file
alterx -l subdomains.txt -pf patterns.txtPattern Modifiers
# Use uppercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:uppercase\\\\}\\\\}"
# Use lowercase modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase\\\\}\\\\}"
# Use capitalize modifier
alterx -l subdomains.txt -p "\\\\{\\\\{word:capitalize\\\\}\\\\}"
# Use multiple modifiers
alterx -l subdomains.txt -p "\\\\{\\\\{word:lowercase:capitalize\\\\}\\\\}"Advanced Usage
Word Extraction
# Extract words from input
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -extract-words
# Set minimum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -min-word-length 3
# Set maximum word length
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}" -max-word-length 10Number Extraction
# Extract numbers from input
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -extract-numbers
# Set minimum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -min-number-length 1
# Set maximum number length
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}" -max-number-length 5Character Extraction
# Extract characters from input
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -extract-chars
# Set minimum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -min-char-length 1
# Set maximum character length
alterx -l subdomains.txt -p "\\\\{\\\\{char\\\\}\\\\}" -max-char-length 3Pattern Examples
Common Subdomain Patterns
# Development environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-dev,dev-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.dev"
# Staging environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-stage,stage-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.stage"
# Production environments
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-prod,prod-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}.prod"
# API endpoints
alterx -l subdomains.txt -p "api-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-api,api.\\\\{\\\\{word\\\\}\\\\}"
# Admin panels
alterx -l subdomains.txt -p "admin-\\\\{\\\\{word\\\\}\\\\},\\\\{\\\\{word\\\\}\\\\}-admin,admin.\\\\{\\\\{word\\\\}\\\\}"Numeric Patterns
# Append numbers
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}\\\\{\\\\{number\\\\}\\\\}"
# Prepend numbers
alterx -l subdomains.txt -p "\\\\{\\\\{number\\\\}\\\\}\\\\{\\\\{word\\\\}\\\\}"
# Separate with hyphen
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-\\\\{\\\\{number\\\\}\\\\}"
# Separate with dot
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}.\\\\{\\\\{number\\\\}\\\\}"Regional Patterns
# Geographic regions
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-us,\\\\{\\\\{word\\\\}\\\\}-eu,\\\\{\\\\{word\\\\}\\\\}-asia"
# Countries
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-uk,\\\\{\\\\{word\\\\}\\\\}-ca,\\\\{\\\\{word\\\\}\\\\}-au"
# Cities
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-nyc,\\\\{\\\\{word\\\\}\\\\}-lon,\\\\{\\\\{word\\\\}\\\\}-sfo"Integration with Other Tools
Pipeline with ShuffleDNS
# Generate wordlist and use it for DNS brute-forcing
alterx -l subdomains.txt -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txt
# Generate wordlist, filter, and use for DNS brute-forcing
alterx -l subdomains.txt -silent|grep -v "test"|shuffledns -d example.com -w /dev/stdin -r resolvers.txtPipeline with Subfinder
# Find subdomains passively and use them to generate wordlist
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev,\\\\{\\\\{word\\\\}\\\\}-stage" -silent
# Find subdomains, generate wordlist, and use for DNS brute-forcing
subfinder -d example.com -silent|alterx -p "\\\\{\\\\{word\\\\}\\\\}-dev" -silent|shuffledns -d example.com -w /dev/stdin -r resolvers.txtPipeline with HTTPX
# Generate wordlist, resolve domains, and probe for HTTP services
alterx -l subdomains.txt -silent|dnsx -a -resp-only|httpx -silent
# Generate wordlist for specific domain and probe for HTTP services
alterx -l subdomains.txt -p "\\\\{\\\\{word\\\\}\\\\}-api" -silent|dnsx -a -resp-only -d example.com|httpx -silentOutput Customization
Custom Output Format
# Output only wordlist entries
alterx -l subdomains.txt -silent
# Count generated entries
alterx -l subdomains.txt -silent|wc -l
# Sort output alphabetically
alterx -l subdomains.txt -silent|sort
# Remove duplicates
alterx -l subdomains.txt -silent|sort -u
```### 출력 필터링
```bash
# Filter by pattern
alterx -l subdomains.txt -silent|grep "dev"
# Filter out pattern
alterx -l subdomains.txt -silent|grep -v "test"
# Filter by length
alterx -l subdomains.txt -silent|awk 'length($0) < 20'
```## 고급 필터링
```bash
# Filter by word count
alterx -l subdomains.txt -silent|awk 'NF==1' # Single word
alterx -l subdomains.txt -silent|awk 'NF==2' # Two words
# Filter by character type
alterx -l subdomains.txt -silent|grep -E '^[a-z]+
## Performance Optimization
### Concurrency and Rate Limiting
```bash
# 동시성 설정 (기본값: 10)
alterx -l subdomains.txt -c 20
# 속도 제한 설정
alterx -l subdomains.txt -rate-limit 100Optimization for Large Inputs
# 대용량 입력을 위한 스트림 모드 사용
alterx -l large-subdomains.txt -stream
# 최대 항목 제한
alterx -l subdomains.txt -max-entries 1000Troubleshooting
Common Issues
- Memory Issues
# 대용량 입력을 위한 스트림 모드 사용 alterx -l large-subdomains.txt -stream # 최대 항목 제한 alterx -l subdomains.txt -max-entries 1000
2. **Pattern Issues**
```bash
# 패턴 구문 확인
alterx -l subdomains.txt -p "\{\{word\}\}-dev" -debug
# 간단한 패턴 먼저 사용
alterx -l subdomains.txt -p "\{\{word\}\}"- No Output
# 입력 파일 확인 cat subdomains.txt # 상세 모드 사용 alterx -l subdomains.txt -v
4. **Duplicate Entries**
```bash
# 중복 제거
alterx -l subdomains.txt -silent|sort -uDebugging
# 상세 모드 활성화
alterx -l subdomains.txt -v
# 디버그 정보 표시
alterx -l subdomains.txt -debug
# 통계 표시
alterx -l subdomains.txt -statsConfiguration
Configuration File
AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:
# 예시 구성 파일
concurrency: 10
rate-limit: 100
patterns:
- "\{\{word\}\}-dev"
- "\{\{word\}\}-stage"
- "\{\{word\}\}-prod"Environment Variables
# 환경 변수를 통해 AlterX 구성 설정
export ALTERX_CONCURRENCY=10
export ALTERX_RATE_LIMIT=100
export ALTERX_PATTERNS="\{\{word\}\}-dev,\{\{word\}\}-stage,\{\{word\}\}-prod"Reference
Command Line Options
| Flag | Description |
|---|---|
-d, -domain | Target domain(s) to use for wordlist generation |
-l, -list | File containing list of domains to use for wordlist generation |
-p, -pattern | Pattern(s) to use for wordlist generation |
-pf, -pattern-file | File containing patterns to use for wordlist generation |
-o, -output | File to write output to |
-json | Write output in JSON format |
-silent | Show only wordlist entries in output |
-v, -verbose | Show verbose output |
-extract-words | Extract words from input |
-extract-numbers | Extract numbers from input |
-extract-chars | Extract characters from input |
-min-word-length | Minimum word length |
-max-word-length | Maximum word length |
-min-number-length | Minimum number length |
-max-number-length | Maximum number length |
-min-char-length | Minimum character length |
-max-char-length | Maximum character length |
-c, -concurrency | Number of concurrent workers |
-rate-limit | Maximum number of entries per second |
-stream | Stream mode for large inputs |
-max-entries | Maximum number of entries to generate |
-stats | Show statistics |
-debug | Show debug information |
-version | Show AlterX version |
Pattern Variables
| Variable | Description |
|---|---|
\{\{word\}\} | Extracts words from input |
\{\{number\}\} | Extracts numbers from input |
\{\{char\}\} | Extracts characters from input |
Pattern Modifiers
| Modifier | Description |
|---|---|
:uppercase | Converts to uppercase |
:lowercase | Converts to lowercase |
:capitalize | Capitalizes first letter |
Resources
This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.
Only lowercase
alterx -l subdomains.txt -silent|grep -E ‘[0-9]’ # Contains numbers
Filter by domain pattern
alterx -l subdomains.txt -silent|grep -E ‘^api-’ # Starts with “api-” alterx -l subdomains.txt -silent|grep -E ‘-dev
Performance Optimization
Concurrency and Rate Limiting
CODE_BLOCK_22
Optimization for Large Inputs
CODE_BLOCK_23
Troubleshooting
Common Issues
-
Memory Issues CODE_BLOCK_24
-
Pattern Issues CODE_BLOCK_25
-
No Output CODE_BLOCK_26
-
Duplicate Entries CODE_BLOCK_27
Debugging
CODE_BLOCK_28
Configuration
Configuration File
AlterX uses a configuration file located at $HOME/.config/alterx/config.yaml. You can customize various settings in this file:
CODE_BLOCK_29
Environment Variables
CODE_BLOCK_30
Reference
Command Line Options
| Flag | Description |
|---|---|
-d, -domain | Target domain(s) to use for wordlist generation |
-l, -list | File containing list of domains to use for wordlist generation |
-p, -pattern | Pattern(s) to use for wordlist generation |
-pf, -pattern-file | File containing patterns to use for wordlist generation |
-o, -output | File to write output to |
-json | Write output in JSON format |
-silent | Show only wordlist entries in output |
-v, -verbose | Show verbose output |
-extract-words | Extract words from input |
-extract-numbers | Extract numbers from input |
-extract-chars | Extract characters from input |
-min-word-length | Minimum word length |
-max-word-length | Maximum word length |
-min-number-length | Minimum number length |
-max-number-length | Maximum number length |
-min-char-length | Minimum character length |
-max-char-length | Maximum character length |
-c, -concurrency | Number of concurrent workers |
-rate-limit | Maximum number of entries per second |
-stream | Stream mode for large inputs |
-max-entries | Maximum number of entries to generate |
-stats | Show statistics |
-debug | Show debug information |
-version | Show AlterX version |
Pattern Variables
| Variable | Description |
|---|---|
\{\{word\}\} | Extracts words from input |
\{\{number\}\} | Extracts numbers from input |
\{\{char\}\} | Extracts characters from input |
Pattern Modifiers
| Modifier | Description |
|---|---|
:uppercase | Converts to uppercase |
:lowercase | Converts to lowercase |
:capitalize | Capitalizes first letter |
Resources
This cheat sheet provides a comprehensive reference for using AlterX, from basic wordlist generation to advanced pattern usage and integration with other tools. For the most up-to-date information, always refer to the official documentation.
# Ends with "-dev"
### 동시성 및 속도 제한
__CODE_BLOCK_22__
### 대용량 입력 최적화
__CODE_BLOCK_23__
## 문제 해결
### 일반적인 문제들
`$HOME/.config/alterx/config.yaml`**메모리 문제**
__CODE_BLOCK_24__
| 깃발 | 설명 |
|------|-------------|
| `-d, -domain` | 워드리스트 생성에 사용할 대상 도메인(들) |
| `-l, -list` | 워드리스트 생성에 사용할 도메인 목록을 포함하는 파일 |
| `-p, -pattern` | 워드리스트 생성에 사용할 **패턴**들 |
| `-pf, -pattern-file` | 워드리스트 생성에 사용할 패턴이 포함된 파일 |
| `-o, -output` | 출력을 쓸 파일 |
| `-json` | JSON 형식으로 출력 작성 |
| `-silent` | 출력에 단어 목록 항목만 표시 |
| `-v, -verbose` | 자세한 출력 표시 |
| `-extract-words` | 입력에서 단어 추출하기 |
| `-extract-numbers` | 입력에서 숫자 추출하기 |
| `-extract-chars` | 입력에서 문자 추출하기 |
| `-min-word-length` | 최소 단어 길이 |
| `-max-word-length` | 최대 단어 길이 |
| `-min-number-length` | 최소 번호 길이 |
| `-max-number-length` | 최대 숫자 길이 |
| `-min-char-length` | 최소 문자 길이 |
| `-max-char-length` | 최대 문자 길이 |
| `-c, -concurrency` | 동시 작업자 수 |
| `-rate-limit` | 초당 최대 항목 수 |
| `-stream` | 대규모 입력을 위한 스트림 모드 |
| `-max-entries` | 생성할 최대 항목 수 |
| `-stats` | 통계 표시 |
| `-debug` | 디버그 정보 표시 |
| `-version` | AlterX 버전 표시 |**패턴 문제**
__CODE_BLOCK_25__
| 변수 | 설명 |
|----------|-------------|
| `\\{\\{word\\}\\}` | 입력에서 단어 추출 |
| `\\{\\{number\\}\\}` | 입력에서 숫자 추출 |
| `\\{\\{char\\}\\}` | 입력에서 문자 추출 |**출력 없음**
__CODE_BLOCK_26__
| 수정자 | 설명 |
|----------|-------------|
| `:uppercase` | 대문자로 변환 |
| `:lowercase` | 소문자로 변환합니다 |
| `:capitalize` | 첫 글자를 대문자로 표시합니다 |**중복 항목**
__CODE_BLOCK_27__
### 디버깅
__CODE_BLOCK_28__
## 구성
### 구성 파일
AlterX는 다음 위치에 있는 구성 파일을 사용합니다:https://docs.projectdiscovery.io/tools/alterx. 이 파일에서 다양한 설정을 사용자 정의할 수 있습니다:
__CODE_BLOCK_29__
### 환경 변수
__CODE_BLOCK_30__
## 참조
### 명령줄 옵션
https://github.com/projectdiscovery/alterx
### 패턴 변수
https://discord.gg/projectdiscovery
### 패턴 수정자