Information Gathering

Information Gathering

How to do Subdomain Enumeration

There are three different subdomain enumeration methods: Brute Force, OSINT (Open-Source Intelligence) and Virtual Host. Subdomain Enumeration OSINT SSL/TLS Certificates Find sub domains by searching the certificate transparency logs: http://crt.sh/ https://transparencyreport.google.com/https/certificates Google Dorks DNS Brute Force DNSRecon dnsrecon Sublist3r sublist3r Virtual Hosts FFuF

How to Recon your Target

Before starting an intrusive test in our client is necessary to perform some reconnaissance about the network to identify all information possible about the system. Some information can be collected without sending any probes to the target system this is called passive recon. Passive Recon Active Recon Port Scans Services Enumeration DNS brute force