
Subdomain Enumeration

Uploaded by

Deniz Yaşar
Copyright
© All Rights Reserved

SUBDOMAIN ENUMERATION
Subdomain Enumeration

It is the process of finding sub-domains for one or more domain(s).


According to RFC 1034, a domain is a subdomain of another domain if it is
contained within that domain.

Domain vs Sub-Domain:
• Regular domains are standard URLs, e.g. example.com.
• A sub-domain is a unique URL that is an add-on to your primary
domain name, e.g. blog.example.com.

Why is Subdomain Enumeration important?


➢ Enumerating subdomains is crucial, as they may point to different
parts of a web application or may lead to another website hosted on
another server with a different IP address.

➢ A good subdomain enumeration will help you find those
hidden/untouched subdomains, where your chances of finding a bug
increase.

➢ By enumerating all subdomains, we might find subdomains that are
less well-protected than the root domain or the target organization,
making them more vulnerable to attack.

➢ Finding applications running on hidden, forgotten (by the
organization) sub-domains may lead to uncovering critical
vulnerabilities.

Tools & Techniques


DNSdumpster
DNSdumpster is a free domain research tool that can discover hosts
related to a domain. Finding visible hosts from the attacker's perspective
is an important part of the security assessment process.
Sublist3r
It is one of the most popular open source tools for subdomain enumeration.
It aggregates output from many different sources such as Google, Bing,
VirusTotal and crt.sh. Sublist3r also uses a standalone project called subbrute.
Subbrute uses a dictionary of common subdomain names to find the subset of
subdomains that are resolvable.
Spyse
Subdomain Finder by Spyse is a handcrafted search engine that allows you
to discover subdomains of any domain.

Crt.sh
Crt.sh is an online service for certificate search provided by COMODO. It
uses a different dataset than Censys, but the principle is the same: to find
subdomains in certificates.
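
The certificate-based discovery described for crt.sh, applied from the domain owner's side as an added example (not part of the original slides): it parses crt.sh-style JSON and lists names issued under your domain that are missing from your asset inventory. The sample records, the inventory and the function names are constructed for illustration; `name_value` and `common_name` are fields of crt.sh's JSON output.

```python
import json

# Constructed sample in the shape of crt.sh JSON output (not real data).
# name_value holds one or more certificate names separated by newlines.
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "example.com", "name_value": "example.com\nwww.example.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com\nexample.com"},
    {"common_name": "blog.example.com", "name_value": "Blog.Example.com"},
    {"common_name": "old-staging.example.com", "name_value": "old-staging.example.com"},
    {"common_name": "cdn.example.net", "name_value": "cdn.example.net\nshop.example.com."},
    {"common_name": "notexample.com", "name_value": "notexample.com"},
])

def names_from_ct(raw_json, domain):
    """Return (hosts, wildcards) seen in certificates for `domain`."""
    domain = domain.lower().rstrip(".")
    hosts, wildcards = set(), set()
    for entry in json.loads(raw_json):
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            is_wildcard = name.startswith("*.")
            base = name[2:] if is_wildcard else name
            # Keep the domain itself and true subdomains only; a plain
            # suffix match would wrongly accept notexample.com.
            if base != domain and not base.endswith("." + domain):
                continue
            (wildcards if is_wildcard else hosts).add(name)
    return hosts, wildcards

def unknown_hosts(raw_json, domain, inventory):
    """Hosts present in certificates but missing from the asset inventory."""
    hosts, _ = names_from_ct(raw_json, domain)
    known = {h.lower().rstrip(".") for h in inventory}
    return sorted(hosts - known)

if __name__ == "__main__":
    # Hypothetical inventory of hosts the organization knows it runs.
    inventory = ["example.com", "www.example.com", "blog.example.com"]
    print(unknown_hosts(SAMPLE_CRTSH_JSON, "example.com", inventory))
```

Names that appear in certificates but not in the inventory are the "hidden, forgotten" subdomains the slides describe, so they are the first candidates for review or decommissioning.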
Knock.py
Knock.py is a Python 3 tool designed to quickly enumerate subdomains on a
target domain through a dictionary attack.

Turbolist3r
Turbolist3r is a fork of the Sublist3r subdomain discovery tool. In addition to
the original OSINT capabilities of Sublist3r, Turbolist3r automates some
analysis of the results, with a focus on subdomain takeover.
