Owlglass

Subdomain Enumeration

From DNS

dig +nocmd trick.htb axfr +noall +answer @trick.htb

WFuzz

In case the subdomain has a certain naming convention (Trick/HTB):

sed 's/^/preprod-/' subdomains-top1million-110000.txt

Then use wfuzz:

sudo wfuzz -c -f out -w wordlist -u "http://trick.htb" -H "Host: FUZZ.trick.htb"  --hw 475

gobuster

DNS

1

gobuster dns -d domain.com -w $wordlists/subdomains-top1million-110000.txt -t 20

vhost

1

gobuster vhost -u domain.com -w <wordlist>

Links to this note

Web Pentest - Enumeration