Subdomains

What is it?

Subdomain discovery is the process of finding what subdomains exist given a domain name. For example, the domain tcm-sec.com might have the subdomains dev.tcm-sec.com and blog.tcm-sec.com.

Wordlists

Assetnote https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt

Seclists /Seclists/Discovery/DNS/<multiple lists here>

Passive discovery

Sublistr
Google
https://crt.sh/

Active discovery

Sublistr
DNSRecon
Amass
Ffuf

ffuf -u <target> -w /path/to/wordlist.txt -H "Host: FUZZ.target.com" -fs <size-filter>

PreviousContent discovery / recon NextEndpoints

Last updated 1 year ago