# Subdomains Enumeration
### Google Dorks for Subdomain Enumeration
```
"certifiedhacker.com"
site:*.tryhackme.com
-site:www.tryhackme.com site:*.tryhackme.com \\except main website
```
### Finding Subdomains
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
### Kali Tools (Subdomain Enumeration)
{% embed url="" %}
{% embed url="" %}
slow but good
{% endembed %}
```
amass enum -v -d tryhackme.com
```
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
Passive with shodan
{% endembed %}
### API Keys to increase your dataset
{% embed url="" %}
Paid
{% embed url="" %}
Paid
{% endembed %}
### Check if subdomains are Alive
{% embed url="" %}
### Screenshot Alive domains
{% embed url="" %}