Subdomains Enumeration

Google Dorks for Subdomain Enumeration

"certifiedhacker.com"
site:*.tryhackme.com
-site:www.tryhackme.com  site:*.tryhackme.com \\except main website

Finding Subdomains

LogoPentest-Tools.com | 25+ Online Penetration Testing ToolsPentest-Tools.com
LogoInternet Archive: Wayback Machine

Kali Tools (Subdomain Enumeration)

LogoGitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testersGitHub
LogoGitHub - owasp-amass/amass: In-depth Attack Surface Mapping and Asset DiscoveryGitHub
slow but good
Logosubfinder | Kali Linux ToolsKali Linux
LogoGitHub - tomnomnom/assetfinder: Find domains and subdomains related to a given domainGitHub
LogoGitHub - incogbyte/shosubgo: Small tool to Grab subdomains using Shodan api.GitHub
Passive with shodan

API Keys to increase your dataset

LogoProjectdiscovery.io | Chaos
Paid
LogoNetlas.io - discover, research and monitor any assets available online
Paid

Check if subdomains are Alive

LogoGitHub - tomnomnom/httprobe: Take a list of domains and probe for working HTTP and HTTPS serversGitHub

Screenshot Alive domains

LogoInstallation ยท sensepost/gowitness WikiGitHub
PreviousWebsite OSINTNextDNS Records

Last updated

Was this helpful?