search
LinkedInGithub
githubEdit

subdomain

subdomain passive uses third-party sources without interacting directly with the target.

General Command

assetfinder --subs-only example.com
subfinder -d example.com
subfinder -d example.com -all
amass enum -passive -d example.com
chaos -d example.com -key YOUR_CHAOS_API_KEY

hashtag
One Liner

curl -s "https://crt.sh/?q=%.example.com&output=json" | jq -r '.[].name_value' | sort -u

curl -s "https://api.securitytrails.com/v1/domain/example.com/subdomains" \
-H "APIKEY: YOUR_API_KEY"

echo example.com | waybackurls | cut -d/ -f3 | sort -u

Online Tools to Do

  • https://dnsdumpster.com

  • https://crt.sh/?q=%.example.com

  • https://hunter.io

Previoussubdomain-enumerationNextSERVICES

Last updated