In this article, we are telling you about Subdomain Enumeration and Subdomain Bruteforce. Subdomain Enumeration has been told to you earlier but Subdomain Bruteforce is being told here.
While doing most of the bug bounty, we only do Subdomain Enumeration. we have told you how to find subdomains in kali linux. If you want, you can also read our article, Subdomain Bruteforce is a part of Subdomain Enumeration in a way.
Enumeration also comes in the CEH module. Those who have read all the modules of CEH know about Enumeration. Here we are telling you about the Subdomain Bruteforce, which is talked about very little.
Because in order to bounty most of the bugs we find subdomains which are publicly available but by Subdomain Bruteforce we can find subdomains which are not publicly available.
In such a way, you can understand yourself if you find a subdomain that is kept private, in such a way, if you get a subdomain to access the admin panel, in such a way you can get a nice bounty.
Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.
What is Subdomain Enumeration ?
Let us first tell you what is Subdomain Enumeration. Mostly, a bug hunter only knows about Subdomain Enumeration. If you do bug hunting, then you will definitely know about it.
If we try to understand Subdomain Enumeration in easy language, then in this way you can say that finding subdomains of your target domain is called Subdomain Enumeration. Here most of Subdomain Scrapping and Subdomain Bruteforce are used to find Subdomain.
It is not that you can find subdomains in only two ways, you get a lot of subdomain enumeration techniques which if you want to go, in such a way, you can tell in the comment that you will also be told about them.
You have been previously told about Subdomain Scrapping. Subdomains that are publicly available if you find them, in this way it is called Subdomain Scrapping. Here you are being told about Subdomain Bruteforce.
Subdomain Bruteforce We are telling you using burp suite and kali linux, whatever method you have to use while bug hunting, you can tell you both methods are practical.
Let us now know what is Subdomain Bruteforce and when and why we do it as we have told you about Subdomain Scrapping where we find publicly available Subdomain.
This is how Subdomain Bruteforce is where we find the Subdomain which is kept private, after that we find bugs in it, with the help of Subdomain Bruteforce, sometimes Subdomain is also available to access the admin panel.
Subdomain Bruteforce We use Subdomain Bruteforce when we do not get the correct result from Subdomain Scrapping or if we do not find a bug in the subdomains emitted by Subdomain Scrapping.
Because you can understand yourself that if a Subdomain is kept private, then companies know that this Subdomain is private, in such a case, it does not give so many days on it but if the same Subdomain is found by a bug hunter
In such a way, if bugs are found there, in such a situation, the company has to pay bounty, in such a way, you must know about Subdomain Bruteforce, here we are telling you to do Subdomain Bruteforce with the help of tools and with the help of burp suite.
Subdomain brute force Using kali Linux
First of all, we are telling you about Subdomain brute force Using kali Linux or you can say Subdomain enumeration Using kali Linux Here we are telling you about the same tool
You get many types of tools to do Subdomain brute force Kali Linux, you will be given a list of some tools here but it is not possible to tell everyone practically, in such a way the article becomes very big.
The name of the tool that we are telling you here is recon-ng it, you already get the install, you have to run this tool by writing recon-ng in the terminal in some way as you see in the image.
Here you can check by writing help, what features do you get here, you get a marketplace here, where you get a lot of modules, you are given a link here, you can see how many types of modules you get here is
After doing all this, you have to install this module to do Subdomain Bruteforce in such a way as you can see in the image as well as you are being given by typing commands here as well.
marketplace search Brute
marketplace install recon/domains-hosts/brute_hosts
After doing all this, you have to run the module, here you can check by writing the modules, you will get the show installed, after this you have to run the module by giving commands in this way.
After this you have to set the target, here you have to give the domain name, here some information has been hidden. After setting the target, you have to run the simple module by writing run, after this you start the Subdomain bruteforce tool.
modules load recon/domains-hosts/brute_hosts
options set source (your target)
If you want, you can also save the output your results as you can see in the image, by showing the valid subdomain it can show results in green color.
Subdomain Enumeration Tools
Here you are given links to some of the tools used for Subdomain Enumeration, we have told you about some of these tools practically before you can read our old articles if you want.
- Amass (https://github.com/OWASP/Amass)
- DNSRecon (https://github.com/darkoperator/dnsrecon)
- dnssearch (https://github.com/evilsocket/dnssearch)
- Findomain (https://github.com/Edu4rdSHL/findomain)
- Knock (https://github.com/guelfoweb/knock)
- SubBrute (https://github.com/TheRook/subbrute)
- Subfinder (https://github.com/projectdiscovery/subfinder)
- Sublist3r (https://github.com/aboul3la/Sublist3r)
- Sudomy (https://github.com/Screetsec/Sudomy)
Subdomain brute force wordlist
Here we are also telling you the subdomain brute force wordlist which you can use, you can also create your own wordlist, we have told you earlier about how to create target base password wordlist.
Subdomain Bruteforce Using Burp Suite
Let us now tell you how you can do Subdomain Bruteforce with the help of burp suite, if you have read our earlier articles, then you will know how to use intruder.
Here too, we are telling you using the intruder as a subdomain Bruteforce, here first you have to send your target request to intruder. This is how to do it. You have been told many times in earlier articles.
As you can see in the image, after sending the request in this way, you have to add a dollar to the subdomain as we have done here. After doing all this you need a wordlist which we have provided to you here.
After doing all this, you have to add the wordlist here in some way like we have done here, here we have added a few words to understand you, but while bug hunting you have to add a lot of words here.
After doing all this, you have to click on the start attack, after this you will be able to see that this attack will start, in this way you will also show here and if some kind of private subdomain is found, in such a situation the status will change here.
I hope that now you can understand about Subdomain Enumeration and Subdomain Bruteforce. Here we have told you about Subdomain Enumeration and Subdomain Bruteforce in detail.
A link has also been provided to all the tools and wordlists that are used in your Subdomain Enumeration and Subdomain Bruteforce, now it depends on you how you use your skills.
Here we have told you about subdomain enumeration techniques, subdomain enumeration kali linux, subdomain enumeration tools, subdomain brute force wordlist, subdomain brute force kali linux
If you like this article with our Subdomain Enumeration and Subdomain Bruteforce, then you should definitely share it, if you have any kind of question, you can ask in the comment.
Subscribe to our blog for latest updates
Sharing is caring