SubDomainEnum.md
Usage And flow

Amass

First off, I like to use Amass. It will give me a great number of results and usually makes the other tools seem like nubs.

Installation

Requirements

  • Homebrew (brew) needs to be installed

Steps

brew tap caffix/amass
brew install amass

Running amass

Simple Enum:
 amass enum -d example.com

Intel:
 amass intel -org google
The -org lookup returns ASN and CIDR records for the organisation. A CIDR range from that output can then be enumerated (the -cidr flag takes CIDR notation, so include the prefix length):
 amass intel -ip -src -cidr IP.IP.IP.IP/24

Other general tools

We can run other tools like SubFinder, Findomain, dnssearch, etc. to complete our list; for those, see their GitHub pages.
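Once several tools have run, their outputs have to be merged into one clean, in-scope list before anything downstream (status-code checks, permutation scanning) is pointed at it. The script below is an added example, not code from these notes or from any of the listed tools; the tool outputs embedded in SAMPLE_OUTPUTS are constructed to show the usual inconsistencies (mixed case, trailing dots, wildcard labels, comment lines, and a lookalike host outside the target domain), and the apex domain example.com is an assumed target.

```python
"""Merge and normalise subdomain lists produced by several enumeration tools.

Added example (not part of the original notes). The sample tool outputs below
are constructed, not real amass/subfinder/findomain results.
"""
import re
from collections import defaultdict
from typing import Dict, Optional, Set

# Constructed sample outputs, one hostname per line as the tools print them.
SAMPLE_OUTPUTS = {
    "amass": """\
www.example.com
API.example.com
*.staging.example.com
mail.example.com
""",
    "subfinder": """\
www.example.com
dev.example.com
example.com.evil-looking.net
""",
    "findomain": """\
mail.example.com.
cdn.example.com
# findomain comment line
""",
}

# RFC 1123-style hostname: labels of 1-63 chars, no leading/trailing hyphen,
# whole name at most 253 chars.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*$"
)


def normalise(name: str) -> Optional[str]:
    """Lowercase, strip whitespace, a trailing dot and a leading wildcard label.

    Returns None for blank lines, comment lines and anything that is not a
    plausible hostname, so junk in a tool's output never reaches the list.
    """
    name = name.strip().lower().rstrip(".")
    if not name or name.startswith("#"):
        return None
    if name.startswith("*."):
        name = name[2:]
    return name if HOSTNAME_RE.match(name) else None


def in_scope(name: str, apex: str) -> bool:
    """True only if name is the apex or a subdomain of it (label boundary).

    A plain endswith(apex) would wrongly accept notexample.com; the
    leading '.' keeps lookalike domains out of the list.
    """
    return name == apex or name.endswith("." + apex)


def merge(outputs: Dict[str, str], apex: str) -> Dict[str, Set[str]]:
    """Return {hostname: {tools that reported it}} for in-scope hosts only."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for tool, text in outputs.items():
        for line in text.splitlines():
            host = normalise(line)
            if host and in_scope(host, apex):
                seen[host].add(tool)
    return dict(seen)


if __name__ == "__main__":
    result = merge(SAMPLE_OUTPUTS, "example.com")
    for host in sorted(result):
        print(f"{host:<28} {','.join(sorted(result[host]))}")
```

Keeping the set of tools that reported each host is useful for triage: a name seen by only one source is the one most worth resolving by hand before it goes into a report, and the scope filter is what stops a typo or lookalike domain from being probed by mistake.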

List of Tools

General Tools

  1. Amass
  2. SubFinder
  3. Findomain
  4. Sublist3r
  5. dnssearch
  6. Sudomy

Dictionary attacks

  1. knockPy
  2. DNSRecon
  3. MassDNS

Permutation Scanning

  1. AltDNS

DNS Databases

  1. DNS Dumpster
  2. Shodan
  3. Pentest-tools
  4. Rapid7 Forward DNS (FDNS)

Checking SubDomain Status Code

  1. URLChecker
  2. HTTProbe
  3. httpx
  4. dnsx