
Enumeration - Subdomain

dnsdumpster

crt.sh

dig

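dig {URL} any    # many servers answer ANY queries minimally (RFC 8482); if the result is sparse, query the record types (A, AAAA, NS, MX, TXT) one by one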

knockpy {URL}

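# Install knockpy 4.1.0 from the upstream release tarball.
# TLS verification stays enabled (no `curl -k`), so the archive cannot be swapped in transit;
# ca-certificates is installed so that verification can succeed.
# `apt-get update` runs in the same layer as the install so a stale package index is never used.
# NOTE(review): also check the archive against a known digest before unpacking, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  knock.tar.gz" | sha256sum -c -
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates python-dnspython && \
    cd /home && \
    curl -fsSL -o knock.tar.gz https://github.com/guelfoweb/knock/archive/4.1.0.tar.gz && \
    tar -xzf knock.tar.gz && \
    rm knock.tar.gz && \
    cd knock-4.1.0 && \
    python setup.py install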

sublist3r -d {URL}

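# Install Sublist3r from upstream and expose it on PATH as `sublist3r`.
# NOTE(review): the clone tracks the default branch, so each rebuild may pull different code.
# For reproducible builds, check out a reviewed commit (<REVIEWED_COMMIT_PLACEHOLDER>) after
# cloning; drop `--depth 1` when doing so, since a shallow clone only holds the branch tip.
RUN git clone --depth 1 https://github.com/aboul3la/Sublist3r /home/Sublist3r && \
    cd /home/Sublist3r && \
    pip install --no-cache-dir -r requirements.txt && \
    ln -sf /home/Sublist3r/sublist3r.py /usr/local/bin/sublist3r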

dnsenum

dnsenum {URL}

theHarvester

theHarvester -d {URL} -b all

dnsrecon

dnsrecon -n ns1-01.azure-dns.com -d {URL} -D subdomains-top1mil-5000.txt -t brt

online

  • https://transparencyreport.google.com/https/certificates
  • https://search.censys.io/certificates?q={URL}
  • https://github.com/OWASP/Amass

online other

  • https://www.crunchbase.com
  • https://bgp.he.net
  • https://github.com/j3ssie/metabigor
  • https://www.whoxy.com
  • https://github.com/vysecurity/DomLink
  • https://builtwith.com
  • https://www.shodan.io
  • https://github.com/hakluke/hakrawler
  • https://github.com/tomnomnom/unfurl
  • https://github.com/jaeles-project/gospider
  • https://github.com/nsonaniya2010/SubDomainizer
  • https://www.youtube.com/watch?v=qLTe6Z10vj8&t=0s