Subdomains Enumeration

Active

Zone Transfer (AXFR)

dig @192.168.1.2 domain.tld afxr

Fuzzing

Gobuster

gobuster vhost -w vhost.dic -u 'http://domain.tld' --append-domain

Wfuzz

wfuzz -c -w vhost.dic -H 'Host: FUZZ.domain.tld' -u 'http://domain.tld/' --hh=186

Ffuf

ffuf -c -w vhost.dic -H 'Host: FUZZ.domain.tld' -u 'http://domain.tld/' -fs 186

Wordlist

SecLists

• subdomains-top1million-5000.txt
• subdomains-top1million-20000.txt
• subdomains-top1million-110000.txt

Pasive

Google Dorks

site:domain.tld
site:*.domain.tld

VirusTotal

Certificate of Transparency

crt.sh