CyberNotes
Web Applications/Enumeration

Subdomains

The process of identifying all subdomains for a given domain

Extracting Subdomains

crt.sh

%.azena.com : Certificate searches subdomains

subfinder

subfinder -d azena.com -o azena
  • -o | Outputs to a separate file

assetfinder

assetfinder azena.com | grep azena.com | sort -u > azena2.txt
  • -u | Sort unique

OWASP Amass

amass enum -d azena.com > azena3.txt
  • Takes a much longer time

httprobe

httprobe -prefer-https | grep https > azenaLive.txt
  • shows subdomains that are ALIVE

gowitness

mkdir azenapics
gowitness file -f azenaLive.txt -P /azenapics
  • Navigates to all pages inside of text file for us!

Sublist3r

sublist3r -d tesla.com

FUFF

Fuzz Faster U Fool is an open-source web fuzzing tool designed for discovering hidden files and directories on web servers by employing brute-force techniques

Client-Side Filtering

Bypassing Client-Side Filtering

On this page