Enumeration - Subdomain
dnsdumpster
crt.sh
dig
dig {URL} any
knockpy {URL}
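# Install knockpy 4.1.0 from the upstream GitHub archive of that tag.
# - apt-get update runs in the same layer so the install never uses a stale package index.
# - ca-certificates lets curl validate the server's TLS certificate. The previous -k flag
#   switched that validation off for an archive whose setup.py is executed in this step.
# - -f makes curl fail on an HTTP error instead of saving the error page as the archive;
#   -o alone names the output file, so the follow-up mv is no longer needed.
# - A tag can be re-pointed upstream. To pin the content, add a step right after curl:
#     echo "<SHA256_OF_REVIEWED_ARCHIVE>  knock.tar.gz" | sha256sum -c -
# - The apt lists are left in place because other steps in this image may install
#   packages without running their own update (not visible from here).
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates python-dnspython && \
    cd /home && \
    curl -fsSL -o knock.tar.gz https://github.com/guelfoweb/knock/archive/4.1.0.tar.gz && \
    tar -xzf knock.tar.gz && \
    rm knock.tar.gz && \
    cd knock-4.1.0 && \
    python setup.py install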
sublist3r -d {URL}
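# Install Sublist3r from upstream and expose it as `sublist3r` on PATH.
# - --depth 1 fetches only the current tree; the history is not needed to run the tool.
# - --no-cache-dir keeps pip's download cache out of the image layer.
# NOTE(review): the clone is not pinned, so each build takes whatever the default branch
# holds at build time and installs its requirements.txt. For a reproducible image, check
# out a reviewed commit (<REVIEWED_COMMIT_SHA>) before running pip; that needs a full
# clone or an explicit fetch of that commit instead of --depth 1.
RUN cd /home && \
    git clone --depth 1 https://github.com/aboul3la/Sublist3r && \
    cd /home/Sublist3r && \
    pip install --no-cache-dir -r requirements.txt && \
    ln -sf /home/Sublist3r/sublist3r.py /usr/local/bin/sublist3r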
dnsenum
dnsenum {URL}
theHarvester
theHarvester -d {URL} -b all
dnsrecon
dnsrecon -n ns1-01.azure-dns.com -d {URL} -D subdomains-top1mil-5000.txt -t brt
online
- https://transparencyreport.google.com/https/certificates
- https://search.censys.io/certificates?q={URL}
- https://github.com/OWASP/Amass
online other
- https://www.crunchbase.com
- https://bgp.he.net
- https://github.com/j3ssie/metabigor
- https://www.whoxy.com
- https://github.com/vysecurity/DomLink
- https://builtwith.com
- https://www.shodan.io
- https://github.com/hakluke/hakrawler
- https://github.com/tomnomnom/unfurl
- https://github.com/jaeles-project/gospider
- https://github.com/nsonaniya2010/SubDomainizer
- https://www.youtube.com/watch?v=qLTe6Z10vj8&t=0s