Oneliner Subdomain Enumeration! 🌏
Run this nifty little command to grab a neat list of subdomains under a given TLD:
curl 'https://crt.sh/?q=%.example.com&output=json' | jq '.name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u
🙏 to @NahamSec
#oneliner #enumeration
Run this nifty little command to grab a neat list of subdomains under a given TLD:
curl 'https://crt.sh/?q=%.example.com&output=json' | jq '.name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u
🙏 to @NahamSec
#oneliner #enumeration
❗️Note: requires jq! (apt install jq, brew install jq, etc)
‼️Also, heads up that I had to embed some zero width spaces into the URLs in that command, to stop Twitter munting them right up. You'll need to retype urls yourself or an invisible hole will open in the universe 😇
‼️Also, heads up that I had to embed some zero width spaces into the URLs in that command, to stop Twitter munting them right up. You'll need to retype urls yourself or an invisible hole will open in the universe 😇
For those who asked, the step by step walkthrough is here 👇
REFINED VERSION - a bit shorter and more efficient as it uses the -r flag in jq to cut out the double piping to sed:
curl 'https://crt.sh/?q=%.example.com&output=json' | jq -r '.name_value' | sed 's/\*\.//g' | sort -u
(🙏🏽 to @fharding0 for the -r tip)
curl 'https://crt.sh/?q=%.example.com&output=json' | jq -r '.name_value' | sed 's/\*\.//g' | sort -u
(🙏🏽 to @fharding0 for the -r tip)
