Recon
Subdomain
Section titled “Subdomain”Enumeration
Section titled “Enumeration”assetfinder CrtSh Findomain Subfinder Github-Subdomains
- Merge list together and get unique subdomains
- https://github.com/tomnomnom/anew unique
Check domain is alive
Section titled “Check domain is alive”httprobe
cat subs.txt | httprobe | tee -a alivesubs.txtScreenshot
Section titled “Screenshot”aquatone
cat subs.txt | aquatoneAutomated Scanner
Section titled “Automated Scanner”find low hanging fruit nuclei nmap nikto
- scope domains
- Find all the root domains
- acquisitions
- understand the company
- crunchbase.com
- asn enumeration
- Autonomous System Number
- bgp.he.net
- asnlookup
- metabigor
- asn enumeration amass
amass intel -asn 46489
- reverse whois
- api.whoxy.com -> search a domain and show the pasts been own
- subdomain enumeration
- port analysis
- others
- subdomain takeover
- buckets
- github leaks
- interlace
- screenshotting
- frameworks