Subdomain discovery is the process of finding what subdomains exist given a domain name. For example, the domain tcm-sec.com might have the subdomains dev.tcm-sec.com and blog.tcm-sec.com.
tcm-sec.com
dev.tcm-sec.com
blog.tcm-sec.com
Assetnote https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txtarrow-up-right
Seclists /Seclists/Discovery/DNS/<multiple lists here>arrow-up-right
Sublistr
Google
https://crt.sh/arrow-up-right
DNSRecon
Amass
Ffuf
Last updated 2 years ago
ffuf -u <target> -w /path/to/wordlist.txt -H "Host: FUZZ.target.com" -fs <size-filter>
