How to find subdomains of a domain

0 votes
For a security project, I need to enumerate subdomains of a given domain to identify potential entry points. Are there reliable tools or techniques that can be used to discover subdomains efficiently, and what are the typical steps for conducting this type of scan?

Any tips on popular tools or automated methods for subdomain enumeration would be helpful.
Nov 7 in Cyber Security & Ethical Hacking by Anupam
• 6,570 points
61 views

1 answer to this question.

0 votes

To enumerate subdomains of a domain, there are several reliable techniques and tools commonly used in security assessments.

1. Using DNS Reconnaissance Tools

Sublist3r: A popular tool for enumerating subdomains using various search engines.

sublist3r -d example.com

Amass: A powerful tool that uses active and passive methods to find subdomains.

amass enum -d example.com

Assetfinder: Quickly finds related domains and subdomains.

assetfinder --subs-only example.com

2. Using Online Services

  • VirusTotal: VirusTotal has a "subdomains" feature that lists all subdomains found for a domain.
  • crt.sh: Search for SSL certificates issued for subdomains of the target domain.
  • SecurityTrails and Spyse: Both provide extensive subdomain data and API access.

3. DNS Brute-Forcing

dnsrecon: Can brute-force possible subdomains.

dnsrecon -d example.com -D subdomains.txt -t brt

Gobuster: Useful for brute-forcing subdomains with a wordlist.

gobuster dns -d example.com -w subdomains.txt

4. Using Passive DNS Services

Passive DNS services like DNSDumpster and PassiveTotal aggregate historical DNS data, which is valuable for discovering subdomains without triggering detection.

answered Nov 7 by CaLLmeDaDDY
• 9,420 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
1 answer

How to find password of a wifi using ubuntu 18.06?

To hack a wifi password using ubuntu: You ...READ MORE

answered Apr 24, 2020 in Cyber Security & Ethical Hacking by Kim

edited Oct 6, 2021 by Sarfaraz 40,890 views
+1 vote
1 answer

How to find IP address of nodes in my network?

The IP address of the nodes connected ...READ MORE

answered Feb 9, 2019 in Cyber Security & Ethical Hacking by Omkar
• 69,220 points
4,966 views
0 votes
1 answer

Is it possible to find technolgy name of a web application using session tokens?

If the web application uses web servers that ...READ MORE

answered Aug 22, 2019 in Cyber Security & Ethical Hacking by Kumar

edited Oct 7, 2021 by Sarfaraz 780 views
0 votes
1 answer

How to become a security domain expert?

Yes, having outdated components such as MySQL ...READ MORE

answered Apr 19, 2023 in Cyber Security & Ethical Hacking by Edureka
• 12,690 points
414 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 9,420 points
127 views
+1 vote
1 answer
+1 vote
1 answer
+1 vote
1 answer
+1 vote
1 answer
0 votes
1 answer

How to check TLS version of a website?

There are various ways to confirm the ...READ MORE

answered Nov 22 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 9,420 points
32 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP