Subdomain Enumeration 101 🏆 👇

1. Passive Enumeration
2. Active Enumeration

@shifacyclewala @Hacktifycs
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Passive:
1. Google Dorking:
“site:*.example.org -www -store -jobs -uk”
2. virustotal
3. dnsdumpster
4. crt[.]sh
5. censys[.]io
6. Rapid7 Sonar Datasets
7. Dnsbufferover

#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Unique Ways:
1. dig +multi AXFR @ns1.dns.co insecuredns.com
2. CSP (curl -I -s -L https://some[.]com | grep -iE 'Content-Security|CSP')
3. Github Subdomains
4. nmap --script targets-asn --script-args targets-asn.asn=17012
5. Scraping using webscrapers
#bugbountytips
Tools :
1. amass
2. subfinder
3. sublist3r
4. findomain
5. dnsrecon
6. gobuster
7. knock
8. massdns
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Virtual Hosts Discovery:
1. vhost-brute
2. Virtual-host-discovery

#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Public datasets:

1. Scans[.]io
2. Riddler
3. SecurityTrails
4. Common Crawl
5. PassiveTotal
6. DNSDB
7. Forward DNS dataset
8. WhoisXML API
9. whoxy (reverse whois)
10. whoisxmlapi[.]com (reverse whois)
11. wayback
12. alienvault OTX
#bugbountytips #bugbounty #infosec #cyber
Search Engines:
1. ZoomEye
2. FOFA
3. Shodan
4. ThreatCrowd
5. Censys
6. greynoise

#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Active Subdomain Enumeration:
Subdomain discovery through alterations and permutations
1. altdns
2. puredns
3. shuffledns

#bugbountytips #bugbounty #infosec #cybersecurity #hacking
Subdomain Enum Wordlists:
1. all.txt
2. commonspeak
3. seclists
4. shubs
5. assetnote wordlists

#bugbountytips #bugbounty #infosec #cybersecurity #hacking


Keep Current with Rohit (If U Need help, DM's are Open)


More from @HackerGautam

30 Jun
Github Recon 101 🏆👇

1. Manual Enumeration
2. Automated Enumeration

@shifacyclewala @Hacktifycs
#bugbountytips #bugbounty #infosec #cybersecurity #hacking
💡Manual:
GitHub Dorking is basically finding leaks in the code pushed by the target organisation or its employees.

1. org: evilcorp[.]com
2. language:"bash" org:evilcorp[.]com
3. "target[.]com" language:python "secret" "password" "key" NOT docs NOT sandbox NOT test NOT fake
💡Dorks:

Jenkins
Jira
OTP
oauth
authorization
password
pwd
ftp
ssh
dotfiles
JDBC
token
user
pass
secret
SecretAccessKey
AWS_SECRET_ACCESS_KEY
credentials
config
security_credentials
S3
https://