.png)
4 months ago
30 BOOK THIS SPACE FOR AD
ARTICLE ADIn this article, I am going to show you various methods and tools from which you can easily find the sub-domain of a domain.
Below are the multiple methods all bug bounty hunters and cyber security personnel use.
Here is a quick recon used by bug bounty hunters to find subdomains.
Code:
#!/bin/bash
# $1 => example.domain
amass enum — passive -d $1 -o domains_$1
assetfinder — subs-only $1 | tee -a domains_$1
subfinder -d $1 -o domains_subfinder_$1
cat domains_subfinder_$1 | tee -a domains_$1
sort -u domains_$1 -o domains_$1
cat domains_$1 | filter-resolved | tee -a domains_$1.txt
This code will provide you the all subdomain of a main domain. In order to run this above code you
need to install a couple of tools in your system.
https://github.com/OWASP/Amasshttps://github.com/projectdiscovery/subfinderhttps://github.com/tomnomnom/hacks/tree/master/filter-resolvedSource Link
Thanks, @TobiunddasMoe for the amazing tip.
Virustotal is the website to analyze any domain. It is used to find suspicious files, malware, URLs.
Using this online tool you can find IP addresses, sub-domain, APIs, etc.
Step 1. Go to https://www.virustotal.com/gui/home/search
Step 2. Enter the Domain to find the subdomain. Example: google.com
Step 3: You will see four options, click on the RELATIONS tab
Step 4: Scroll down a little bit you will see the subdomain section. You will also be able to see the IP addresses of that subdomain.
Bengali (Bangladesh) · 
English (United States) ·