Subdomains Enumeration

Google Dorks for Subdomain Enumeration

"certifiedhacker.com"
site:*.tryhackme.com
-site:www.tryhackme.com  site:*.tryhackme.com \\except main website

Finding Subdomains

Pentesting & vulnerability assessment toolkitPentest-Tools.com

Wayback Machinearchive.org

Subdomain Finder - C99.nlsubdomainfinder.c99.nl

https://searchdns.netcraft.comsearchdns.netcraft.com

SecurityTrails | SecurityTrails: Data Security, Threat Hunting, and Attack Surface Management Solutions for Security Teamssecuritytrails

DNSDumpster - Find & lookup dns records for recon & researchDNSDumpster.com

Kali Tools (Subdomain Enumeration)

GitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testersGitHub

GitHub - owasp-amass/amass: In-depth attack surface mapping and asset discoveryGitHub

amass enum -v -d tryhackme.com

subfinder | Kali Linux ToolsKali Linux

GitHub - tomnomnom/assetfinder: Find domains and subdomains related to a given domainGitHub

GitHub - blacklanternsecurity/bbot: The recursive internet scanner for hackers. 🧡GitHub

GitHub - incogbyte/shosubgo: Small tool to Grab subdomains using Shodan api.GitHub

API Keys to increase your dataset

Chaos by ProjectdiscoveryChaos

Netlas: Comprehensive Internet-Wide Scanning & OSINT Platformnetlas.io

Check if subdomains are Alive

GitHub - tomnomnom/httprobe: Take a list of domains and probe for working HTTP and HTTPS serversGitHub

Screenshot Alive domains

InstallationGitHub