Subdomain Enumeration

The most obvious application an organization exposes is its website. Organizations usually run more than one web application for their business, and these are often hosted on subdomains of the primary website. Because website addresses are publicly available, we can use this information to identify subdomains and the web applications hosted on them.

Gobuster

gobuster vhost -u devzat.htb -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 50 --append-domain

vhost - Virtual host mode: checks each candidate subdomain by requesting the target with that name in the Host header

-q - Quiet mode, don't print the banner

Wfuzz

wfuzz -H "Host: FUZZ.cap.htb:5000" -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt --hw 133 http://cap.htb:5000

wfuzz replaces the "FUZZ" keyword with each word from the wordlist file. The --hw 133 option hides responses that contain 133 words.
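
Seen from the server side, both commands above leave the same trace: one client requesting many different Host names in a short time, most of them names the server does not serve. The Python sketch below is an added example, not part of the original notes. The log format (`<epoch_seconds> <client_ip> <Host header>`), the `example.test` names, the addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Assumption: the virtual hosts this server legitimately serves.
KNOWN_VHOSTS = {"example.test", "www.example.test"}

def build_sample():
    """Constructed log lines: one burst, one slow client, normal traffic, one bad line."""
    lines = ["100 10.0.0.5 www.example.test", "101 10.0.0.5 EXAMPLE.test:5000"]
    words = ["admin", "dev", "mail", "test", "vpn", "api", "git", "stage"]
    for i, w in enumerate(words):
        lines.append(f"{100 + i} 10.0.0.9 {w}.example.test")        # burst of guesses
    for i, w in enumerate(words[:5]):
        lines.append(f"{100 + 300 * i} 10.0.0.8 {w}.example.test")  # spread over time
    lines += ["105 10.0.0.7 typo.example.test", "garbage line"]
    return lines

def parse(line):
    """Return (timestamp, client_ip, normalized_host) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    host = parts[2].lower()               # Host names are case-insensitive
    if not host.startswith("["):          # leave bracketed IPv6 literals untouched
        host = host.split(":", 1)[0]      # drop an optional :port
    return int(parts[0]), parts[1], host

def detect_vhost_fuzzing(lines, known=KNOWN_VHOSTS, min_unknown=5, window=60):
    """Flag clients that request >= min_unknown distinct unserved hosts within `window` seconds."""
    events = defaultdict(list)            # client_ip -> [(timestamp, host)]
    for line in lines:
        rec = parse(line)
        if rec and rec[2] not in known:
            events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                # slide the window forward
            hosts = {h for _, h in evs[start:end + 1]}
            if len(hosts) >= min_unknown:
                flagged[ip] = sorted(hosts)   # hosts seen when the threshold was hit
                break
    return flagged

if __name__ == "__main__":
    print(detect_vhost_fuzzing(build_sample()))
```

The time window is what separates a wordlist run from a single mistyped name or a slow trickle of unknown hosts; widening it catches the slow client at the cost of more noise.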
