Basic Subdomain Enumeration guide

Search…

Gobuster
gobuster -m dns -w /path/to/wordlist.txt -u domain.com -i -q >> Subdomains.tmp
cat Subdomains.tmp | grep Found |x cut -d " " -f 2 > Subdomains.txt
rm Subdomains.tmp
SSL Scan
for i in $(cat wildcards.txt); do sslscan --no-colour --show-certificate $i | grep -E "Altnames:" | tee -a ssldomains.txt; done
cat ssldomains.txt | sed 's/DNS:/&\n/g' | cut -d "," -f 1 | sort -u  > ssldomains.tmp
cat wildcards.txt >> ssldomains.tmp
cat ssldomains.tmp | sort -u > ssldomains.txt
rm ssldomains.tmp
Amass
amass --passive -d DOMAIN.com
MassDNS
./bin/massdns -r resolvers.txt -t AAAA -w results.txt domains.txt
DNSdumpster
​https://github.com/PaulSec/API-dnsdumpster.com​
​

Methodologies - Previous

Basic Mobile Testing guide

Next - Guides

Build A Raspberry Pi Dropbox

Last modified 3yr ago

Copy link

Outline