- Search Censys:
  - Certificates:
    https://search.censys.io/search?resource=certificates&q=jetrist.net
  - Hosts:
    https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=promoted-tortoise.jetrist.net
-
Gobuster full domain:
gobuster dns -d $tgtdomain -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -o domain.gobuster.txt -i
-
Gobuster subdomains:
gobuster dns -d $tgtdomain -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -o subdomain.gobuster.txt -i
-
Extract the IPs from the gobuster output into an IP list:
cat domain.gobuster.txt | cut -d "[" -f5 | cut -d "]" -f1 | cut -d, -f -999 --output-delimiter=$'\n' | awk NF >> iplist.txt
-
Get hostnames for each IP in iplist.txt:
for ip in $(cat iplist.txt); do host $ip >> hosts.raw; done
-
Clean up the file:
cat hosts.raw | cut -d " " -f 5 | sed 's/\.$//g' > hosts.txt
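Added example (not part of the original notes): the same two parsing steps written so they do not depend on field positions. The cut pipelines above break if the number of "[" characters changes, and a failed reverse lookup puts "3(NXDOMAIN)" into hosts.txt. The function names and the sample lines are constructed, and the gobuster line format shown is an assumption.

```shell
#!/bin/sh
# Added example. All sample data is constructed (RFC 5737 addresses, example.com).

# Read gobuster "dns -i" output on stdin, print unique valid IPv4 addresses.
# Matching the address itself avoids counting "[" characters, so colour codes
# or extra brackets do not shift the field. IPv6 answers are skipped.
extract_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
        LC_ALL=C sort -u
}

# Read `host` output on stdin, keep only successful PTR answers and print the
# hostname without its trailing dot. "not found" lines are dropped.
extract_ptr_hosts() {
    awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF }' |
        LC_ALL=C sort -u
}

# Constructed stand-in for domain.gobuster.txt (one line with ANSI colour).
sample_gobuster() {
    printf '%s\n' \
        'Found: www.example.com [192.0.2.10, 192.0.2.11]' \
        'Found: mail.example.com [192.0.2.11]' \
        'Found: v6.example.com [2001:db8::1]'
    printf '\033[32mFound:\033[0m dev.example.com [198.51.100.7]\n'
}

# Constructed stand-in for hosts.raw, including a failed reverse lookup.
sample_host_output() {
    printf '%s\n' \
        '10.2.0.192.in-addr.arpa domain name pointer www.example.com.' \
        '11.2.0.192.in-addr.arpa domain name pointer mail.example.com.' \
        'Host 7.100.51.198.in-addr.arpa. not found: 3(NXDOMAIN)'
}

# Real use: extract_ips < domain.gobuster.txt >> iplist.txt
#           extract_ptr_hosts < hosts.raw > hosts.txt
sample_gobuster | extract_ips
sample_host_output | extract_ptr_hosts
```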
-
Dnsrecon:
dnsrecon --iw -d www.promoted-tortoise.jetrist.net -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt -k -t brt,crt,std --threads 10 -c www.promoted-tortoise.jetrist.net.dnsrecon.csv