Methodologies
Hack The Box last updated - 2019
Basic Subdomain Enumeration guide
Gobuster
1
gobuster -m dns -w /path/to/wordlist.txt -u domain.com -i -q >> Subdomains.tmp
2
cat Subdomains.tmp | grep Found |x cut -d " " -f 2 > Subdomains.txt
3
rm Subdomains.tmp
Copied!
SSL Scan
1
for i in $(cat wildcards.txt); do sslscan --no-colour --show-certificate $i | grep -E "Altnames:" | tee -a ssldomains.txt; done
2
cat ssldomains.txt | sed 's/DNS:/&\n/g' | cut -d "," -f 1 | sort -u > ssldomains.tmp
3
cat wildcards.txt >> ssldomains.tmp
4
cat ssldomains.tmp | sort -u > ssldomains.txt
5
rm ssldomains.tmp
Copied!
Amass
1
amass --passive -d DOMAIN.com
Copied!
MassDNS
1
./bin/massdns -r resolvers.txt -t AAAA -w results.txt domains.txt
Copied!
DNSdumpster
Last modified 2yr ago
Copy link