WHAT IS A DOMAIN?
• The address where internet users can access your website.
• Computers use IP addresses, which are a series of numbers. However, it is difficult for humans to remember strings of numbers. Because of this, domain names were developed and are used to identify entities on the internet instead of IP addresses.
• It can be any combination of letters and numbers.
• It can be combined with the various top-level domains (TLDs), such as com, net and more.
WHAT IS A SUB-DOMAIN?
• A subset, or a smaller part, of a larger domain.
• A second website, with its own unique content, but without a new domain name.
• For example, west.example.com and east.example.com are subdomains of the example.com domain, which in turn is a subdomain of the com Top-Level Domain (TLD).
• The TLD is the part that occurs right after the last dot in the domain name.
• While there are several types of TLDs, the most common are com, org and net.
• The SLD, or Second-Level Domain, is the part that occurs immediately in front of the last dot in the domain name.
WHAT IS SUB-DOMAIN ENUMERATION?
• It is the process of finding the subdomains of a particular domain name.
• It is not that hard to find a subdomain of a website.
• Various techniques and tools are available for enumerating subdomains.
• The more you DIG, the more you ENUMERATE!
WHY SUB-DOMAIN ENUMERATION?
• Enumerating subdomains is a crucial step of reconnaissance, as they may point to different parts of a web application or may lead to another website hosted on another server with a different IP address. This allows you to come up with an accurate public network profile for the target organization.
• The more subdomains you find, the more likely it is you will find a vulnerability you can exploit. At the very least it might provide a lead which you can pursue in hopes of finding a way inside the network.
• Sub-domain enumeration can reveal a lot of sub-domains that are in scope of a security assessment, which in turn increases the chances of finding vulnerabilities.
SUB-DOMAIN ENUMERATION TECHNIQUES
There are many ways to find subdomains, using either public resources or tools. Let's look at them one by one.
PUBLIC RESOURCES
• SEARCH ENGINE
• VIRUS TOTAL
• PENTEST-TOOLS
• HACKER TARGET
TOOLS
• DNSENUM
• SUBLIST3R
• KNOCKPY
• DNSRECON
• FIERCE
FINDING SUB-DOMAIN USING PUBLIC RESOURCES
SEARCH ENGINES
• An easy way to find subdomains without using any tool is to use search engines.
• Search engines like Google and Bing support different types of advanced “search operators” to filter search queries. These advanced operators are also known as “dorks”.
• Google also supports the minus operator to exclude subdomains that we are not interested in, for example: “site:paypal.com -inurl:www”
FINDING SUB-DOMAIN USING PUBLIC RESOURCES
VIRUSTOTAL
• VirusTotal runs its own passive DNS replication service, built by storing the DNS resolutions performed when visiting URLs submitted by users.
• To enumerate subdomains using VirusTotal’s service, you simply have to enter the domain name in the search box.
• The list of subdomains will be displayed in a few seconds.
FINDING SUB-DOMAIN USING PUBLIC RESOURCES
PENTEST-TOOLS
• Pentest-Tools is a place where penetration testers can find online tools to use in their engagements.
• It is mainly used for passive reconnaissance.
• Pentest-Tools is another website that works the same way as VirusTotal, where we can get a great number of subdomains.
• Pentest-Tools offers many services, one of which is Find Subdomains.
FINDING SUB-DOMAIN USING PUBLIC RESOURCES
HACKER TARGET
• HackerTarget is another site, built for passive information gathering.
• It’s the place where you can enter a domain name and look for its DNS host records. This will dump out all subdomains related to that domain.
• Normally, this site’s results are limited to a maximum of 2000.
FINDING SUB-DOMAIN USING TOOLS
• While there are many public resources available for subdomain enumeration, sometimes running programs or scripts from our local machine turns out to be a bonus.
• These tools perform DNS queries to gather host (A) records and brute-force possible subdomain names using permutations and combinations.
• The tools covered in this part are all open source.
• The majority of them can be downloaded from GitHub. (git clone is your friend)
FINDING SUB-DOMAIN USING TOOLS
DNSENUM
• dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for a domain.
• Given a domain name, dnsenum will start querying the DNS servers of the domain.
• The first data that we get is the host addresses (this will also contain subdomains). Next, we see the name servers, which give us an idea of the hosting provider that the domain is utilising, and after that the MX records, where we can see the mail server of our target host.
Download Link : https://github.com/fwaeytens/dnsenum
Usage: ./dnsenum.pl [Options] <domain>
FINDING SUB-DOMAIN USING TOOLS
SUBLIST3R
• Sublist3r enumerates subdomains of a given domain using various passive as well as active techniques.
• This includes using search engines like Google, Yahoo, Bing, Baidu, Ask, etc.
• Sublist3r also enumerates subdomains using passive enumeration techniques, for which it uses public resources like Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, and ReverseDNS.
• It is not limited to passive reconnaissance; the tool also focuses on gathering subdomains from DNS records, brute-forcing, etc.
Download Link : https://github.com/aboul3la/Sublist3r
Usage: python sublist3r.py -d <domain> [Options]
FINDING SUB-DOMAIN USING TOOLS
KNOCKPY
• Knockpy is a Python tool designed to enumerate subdomains of a target domain using a wordlist.
• It is designed to scan for DNS zone transfers and to try to bypass the wildcard DNS record automatically, if one is enabled.
• It internally uses a wordlist file that comes with the tool for brute-forcing, but we can also supply our own wordlist.
• Currently Knockpy also supports queries for VirusTotal subdomains; you can set the api_key within the config.json file for better results.
Download Link : https://github.com/guelfoweb/knock
Usage: python knockpy.py <domain> [Options]
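The wildcard handling mentioned for Knockpy matters to anyone reading scan output for their own zone: with a `*.domain` record every wordlist entry resolves, so results must be compared against a wildcard baseline. The sketch below is an added example, not Knockpy's code; the function names, the in-memory resolver and the constructed example.com zone (documentation-range addresses) are all assumptions made for illustration.

```python
"""Wildcard-aware wordlist check, run offline against a constructed zone."""
import secrets
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional

# A resolver maps a hostname to its set of A-record addresses, or None (NXDOMAIN).
Resolver = Callable[[str], Optional[FrozenSet[str]]]


def make_zone_resolver(records: Dict[str, Iterable[str]],
                       wildcard: Optional[Iterable[str]] = None) -> Resolver:
    """Hypothetical in-memory resolver; `wildcard` emulates a `*.domain` record."""
    table = {name.lower(): frozenset(ips) for name, ips in records.items()}
    fallback = frozenset(wildcard) if wildcard else None

    def resolve(hostname: str) -> Optional[FrozenSet[str]]:
        return table.get(hostname.lower(), fallback)

    return resolve


def wildcard_answers(domain: str, resolve: Resolver, probes: int = 3) -> FrozenSet[str]:
    """Resolve random labels that cannot exist; any answer reveals a wildcard."""
    seen = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(8)}.{domain}")
        if answer:
            seen |= answer
    return frozenset(seen)


def enumerate_subdomains(domain: str, wordlist: Iterable[str],
                         resolve: Resolver) -> Dict[str, object]:
    """Resolve each candidate label and separate real hosts from wildcard echoes."""
    wild = wildcard_answers(domain, resolve)
    found: Dict[str, List[str]] = {}
    suppressed: List[str] = []
    for raw in wordlist:
        label = raw.strip().lower()
        if not label or label.startswith("#"):
            continue  # skip blank lines and comments in the wordlist
        host = f"{label}.{domain}"
        answer = resolve(host)
        if answer is None:
            continue  # NXDOMAIN: the name does not exist
        if wild and answer <= wild:
            # Indistinguishable from the wildcard answer. Caveat: a real host
            # that shares the wildcard address is hidden here as well.
            suppressed.append(host)
        else:
            found[host] = sorted(answer)
    return {"wildcard": sorted(wild), "found": found, "suppressed": suppressed}


# Constructed sample data (RFC 2606 domain, RFC 5737 documentation addresses).
ZONE = {
    "www.example.com": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.25"],
    "dev.example.com": ["198.51.100.7"],
    "shop.example.com": ["203.0.113.1"],  # real host on the wildcard address
}
WILDCARD = ["203.0.113.1"]
WORDLIST = ["www", "mail", "dev", "vpn", "test", "shop", "# comment", ""]

if __name__ == "__main__":
    result = enumerate_subdomains("example.com", WORDLIST,
                                  make_zone_resolver(ZONE, WILDCARD))
    print("wildcard baseline:", result["wildcard"])
    for host, ips in result["found"].items():
        print("found:", host, ips)
    print("suppressed as wildcard echoes:", result["suppressed"])
```

In the sample, shop.example.com is a real record but is suppressed because it shares the wildcard address, which is the main blind spot of address-based wildcard filtering.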
FINDING SUB-DOMAIN USING TOOLS
DNSRECON
• dnsrecon is a Python-based tool. It was designed for the purpose of enumerating DNS information about a domain.
• To find subdomains using this tool, all we have to do is give it a name list, and it will try to resolve the A, AAAA and CNAME records against the domain by trying each entry one by one.
• dnsrecon comes pre-installed with Kali Linux.
Usage: dnsrecon -d <domain> [Options]
FINDING SUB-DOMAIN USING TOOLS
FIERCE
• Fierce is another tool pre-installed in Kali Linux. It is used for DNS reconnaissance.
• The original purpose of this tool is to identify DNS records for a given domain.
• Fierce first identifies the authoritative DNS servers for the specified target domain. Then it attempts a zone transfer for all domains from each authoritative DNS server.
• Fierce also uses a brute-force method to enumerate host records, and so finds the subdomains of a given domain.
Usage: fierce -dns <domain>
Subdomain Enumeration

More Related Content

What's hot

WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE - ATT&CKcon
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemRoss Wolf
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentMarcelo Silva
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security BoundaryWill Schroeder
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghOWASP Delhi
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodologyRashad Aliyev
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for youToby Kohlenberg
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active DirectorySunny Neo
 

What's hot (20)

WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Fantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find ThemFantastic Red Team Attacks and How to Find Them
Fantastic Red Team Attacks and How to Find Them
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 
Info Security - Vulnerability Assessment
Info Security - Vulnerability AssessmentInfo Security - Vulnerability Assessment
Info Security - Vulnerability Assessment
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Penetration testing reporting and methodology
Penetration testing reporting and methodologyPenetration testing reporting and methodology
Penetration testing reporting and methodology
 
Red teaming probably isn't for you
Red teaming probably isn't for youRed teaming probably isn't for you
Red teaming probably isn't for you
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Attacker's Perspective of Active Directory
Attacker's Perspective of Active DirectoryAttacker's Perspective of Active Directory
Attacker's Perspective of Active Directory
 

Similar to Subdomain Enumeration

Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxAlfredObia1
 
DNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and ResponseDNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and Responsepm123008
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Domain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptxDomain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptxUsmanAhmed269749
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxmanju772238
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolJisc
 
Internet Host Name
Internet Host NameInternet Host Name
Internet Host Nameadil raja
 
Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Brandon Arvanaghi
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringSam Bowne
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentationrituchouhan1508
 
DevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNS
DevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNSDevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNS
DevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNSDaniel Mittelman
 
Domain racer web-hosting
Domain racer web-hostingDomain racer web-hosting
Domain racer web-hostingimrose khan
 

Similar to Subdomain Enumeration (20)

Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptxDafgjgghhghfhjgghjhgy06-Footprinting.pptx
Dafgjgghhghfhjgghjhgy06-Footprinting.pptx
 
Subdomain Takeover
Subdomain TakeoverSubdomain Takeover
Subdomain Takeover
 
DNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and ResponseDNS in IR: Collection, Analysis and Response
DNS in IR: Collection, Analysis and Response
 
Tools kali
Tools kaliTools kali
Tools kali
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awareness
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 
Domain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptxDomain Name System and Dynamic Host Configuration Protocol.pptx
Domain Name System and Dynamic Host Configuration Protocol.pptx
 
Chapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptxChapter 10 Domain Name Systems_MWSA.pptx
Chapter 10 Domain Name Systems_MWSA.pptx
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
 
Lecture 5- url-dns
Lecture  5- url-dnsLecture  5- url-dns
Lecture 5- url-dns
 
Tool presentation - Recon-Lit
Tool presentation - Recon-LitTool presentation - Recon-Lit
Tool presentation - Recon-Lit
 
Internet Host Name
Internet Host NameInternet Host Name
Internet Host Name
 
Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17Breadcrumbs to Loaves: BSides Austin '17
Breadcrumbs to Loaves: BSides Austin '17
 
Computer Network Part 1
Computer Network Part 1Computer Network Part 1
Computer Network Part 1
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
CNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social EngineeringCNIT 123: Ch 4: Footprinting and Social Engineering
CNIT 123: Ch 4: Footprinting and Social Engineering
 
Domain name system advanced power point presentation
Domain name system advanced power point presentationDomain name system advanced power point presentation
Domain name system advanced power point presentation
 
DevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNS
DevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNSDevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNS
DevOpsDays TLV 2019 - The Treacherous Road Towards Multi-DNS
 
Recon like a pro
Recon like a proRecon like a pro
Recon like a pro
 
Domain racer web-hosting
Domain racer web-hostingDomain racer web-hosting
Domain racer web-hosting
 

Recently uploaded

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...kumargunjan9515
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsMonica Sydney
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiMonica Sydney
 

Recently uploaded (20)

Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 

Subdomain Enumeration

  • 1.
  • 2. WHAT IS A DOMAIN? • The address where internet users can access your website. • Computers use IP addresses, which are a series of number. However, it is difficult for humans to remember strings of numbers. Because of this, domain names were developed and used to identify entities on the internet rather than using IP addresses. • It can be any combination of letters and numbers. • It can be used in combination of the various domain name TLDs, such as com, net and more.
  • 3. WHAT IS A SUB-DOMAIN? • A subset, or a smaller part of a larger domain. • A second website, with its own unique content, but there is no new domain name. • For example, west.example.com & east.example.com are subdomains of the example.com domain, which in turn is a subdomain of the com Top-Level Domain (TLD). • The TLD is the part that occur right after the last dot in the domain name. • While there are several types of TLDs the most common are com, org, net. • the SLD or Second-Level Domain, is the part that occurs immediately in front of the last dot in the domain name.
  • 4. WHAT IS SUB-DOMAIN ENUMERATION? • Its a process of finding subdomains of a particular Domain Name. • Well, it is not that much hard to find a subdomain of a website. • Various techniques and tools are available for enumerating subdomains. • Much you DIG much you ENUMERATE!!
  • 5. WHY SUB-DOMAIN ENUMERATION? • Enumerating subdomains is crucial step of reconnaissance, as they may point to different parts of a web application or may lead to another website hosted on another server with a different IP address. This allows you to come up with an accurate public network profile for the target organization. • The more subdomains you find, the more likely it is you will find a vulnerability you can exploit. at the very least it might provide a lead which you can pursue in hopes of finding a way inside the network. • Sub-domain enumeration can reveal a lot of sub-domains that are in scope of a security assessment which in turn increases the chances of finding vulnerabilities.
  • 6. SUB-DOMAIN ENUMERATION TECHNIQUES PUBLIC RESOURCES • SEARCH ENGINE • VIRUS TOTAL • PENTEST-TOOLS • HACKER TARGET TOOLS • DNSENUM • SUBLIST3R • KNOCKPY • DNSRECON • FIERCE There are many ways to locate or find subdomains by using some public resources or by using some tools. Let’s have a look into it one-by-one.
  • 7. FINDING SUB-DOMAIN USING PUBLIC RESOURCES SEARCH ENGINES • An easy way to find subdomain without using any tool is by using the search engines. • Search engines like Google and Bing supports different types of advance “search operators” to filter search quires. These advanced operators are also know as “dorks”. • Google also supports additional minus operator to remove sub-domains that we are not interested in “site: paypal.com -inurl:www”
  • 8. FINDING SUB-DOMAIN USING PUBLIC RESOURCES • VirusTotal runs its own particular uninvolved DNS replication benefit, worked by putting DNS resolutions performed when going by URLs presented by clients. • To enumerate subdomains using VirusTotal’s service, you just simply have to enter the domain name in the search box. • List of subdomains will be displayed in few seconds. VirusTotal
  • 9. FINDING SUB-DOMAIN USING PUBLIC RESOURCES: PENTEST-TOOLS
    • Pentest-Tools is a site where penetration testers can find online tools to use in their engagements.
    • It is mainly used for passive reconnaissance.
    • Pentest-Tools is another website that works the same way as VirusTotal, where we can get a great number of subdomains.
    • Pentest-Tools offers many services, one of which is Find Subdomains.
  • 10. FINDING SUB-DOMAIN USING PUBLIC RESOURCES: HACKER TARGET
    • HackerTarget is another site, built for passive information gathering.
    • It is a place where you can enter a domain name and look up its DNS host records. This will dump out all subdomains related to that domain.
    • Normally, this site's results are limited to a maximum of 2000 results.
  • 11. FINDING SUB-DOMAIN USING TOOLS
    • While there are many public resources available for subdomain enumeration, sometimes running programs or scripts from our local machine turns out to be a bonus.
    • These tools perform DNS queries to gather host (A) records and brute-force possible subdomains using permutations and combinations.
    • The tools we will look at in this part are all open source tools.
    • The majority of them can be downloaded from GitHub. (git clone is your friend)
  • 12. FINDING SUB-DOMAIN USING TOOLS: DNSENUM
    • dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for a domain.
    • Given a domain name, dnsenum starts by querying the DNS servers of the domain.
    • The first data we get is the host addresses (these also contain subdomains). Next, we see the name servers, which give us an idea of the hosting provider that the domain is using, and after that the MX records, where we can see the mail server of the target host.
    • Download Link: https://github.com/fwaeytens/dnsenum
    • Usage: ./dnsenum.pl [Options] <domain>
  • 13. FINDING SUB-DOMAIN USING TOOLS: SUBLIST3R
    • Sublist3r enumerates subdomains of a given domain using various passive techniques as well as active techniques.
    • These include using search engines like Google, Yahoo, Bing, Baidu, Ask, etc.
    • Sublist3r also enumerates subdomains using passive enumeration techniques, for which it uses public resources like Netcraft, VirusTotal, ThreatCrowd, DNSdumpster, and ReverseDNS.
    • It is not limited to passive reconnaissance; the tool also gathers subdomains from DNS records, brute-forcing, etc.
    • Download Link: https://github.com/aboul3la/Sublist3r
    • Usage: python sublist3r.py -d <domain> [Options]
  • 14. FINDING SUB-DOMAIN USING TOOLS: KNOCKPY
    • Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist.
    • It is designed to scan for DNS zone transfers and to try to bypass a wildcard DNS record automatically, if one is enabled.
    • Internally it uses a wordlist file that comes with the tool for brute forcing, but we can also supply our own wordlist to brute force the domain.
    • Currently knockpy also supports queries to VirusTotal subdomains; you can set the api_key within the config.json file for better results.
    • Download Link: https://github.com/guelfoweb/knock
    • Usage: python knockpy.py <domain> [Options]
  • 15. FINDING SUB-DOMAIN USING TOOLS: DNSRECON
    • dnsrecon is a Python-based tool. It was designed for the purpose of enumerating DNS information about a domain.
    • To find subdomains using this tool, all we have to do is give it a name list, and it will try to resolve the A, AAAA and CNAME records against the domain by trying each entry one by one.
    • dnsrecon comes pre-installed with Kali Linux.
    • Usage: dnsrecon -d <domain> [Options]
  • 16. FINDING SUB-DOMAIN USING TOOLS: FIERCE
    • Fierce is another tool pre-installed in Kali Linux. It is used for DNS reconnaissance.
    • The original purpose of this tool is to identify DNS records for a given domain.
    • Fierce first identifies the authoritative DNS servers for the specified target domain. Then it attempts a zone transfer for all domains from each authoritative DNS server.
    • Fierce also uses a brute-force method to enumerate host records, and so finds the subdomains of a given domain.
    • Usage: fierce -dns <domain>
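
The wordlist brute forcing and zone-transfer attempts described for Knockpy, dnsrecon and Fierce leave a recognisable trace on the authoritative name server. The following is an added example, not part of the original slides or of any of these tools: it flags both patterns in a DNS query log. The log format, zone name, IP addresses and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

ZONE = "example.com"            # assumption: the zone this server is authoritative for
ALLOWED_AXFR = {"192.0.2.53"}   # assumption: the only secondary allowed to transfer
MIN_NAMES = 5                   # assumption: ignore clients with fewer distinct names
MIN_NX_RATIO = 0.8              # assumption: share of names that did not exist

# Constructed sample log, one query per line: time client qname qtype rcode
SAMPLE_LOG = """\
10:00:01 198.51.100.7 www.example.com A NOERROR
10:00:02 198.51.100.7 mail.example.com A NOERROR
10:00:03 198.51.100.7 wwww.example.com A NXDOMAIN
10:00:04 192.0.2.53 example.com AXFR NOERROR
10:00:05 203.0.113.9 example.com AXFR REFUSED
10:00:06 203.0.113.9 admin.example.com A NXDOMAIN
10:00:06 203.0.113.9 dev.example.com A NXDOMAIN
10:00:06 203.0.113.9 vpn.example.com A NOERROR
10:00:07 203.0.113.9 test.example.com AAAA NXDOMAIN
10:00:07 203.0.113.9 staging.example.com CNAME NXDOMAIN
10:00:07 203.0.113.9 ftp.example.com A NXDOMAIN
"""

def analyse(log_text):
    """Return clients that tried a zone transfer or look like wordlist brute force."""
    names = defaultdict(set)    # client -> distinct names queried under ZONE
    missing = defaultdict(set)  # client -> distinct names answered NXDOMAIN
    axfr = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue            # skip blank or malformed lines
        _, client, qname, qtype, rcode = fields
        qname = qname.rstrip(".").lower()
        if qname != ZONE and not qname.endswith("." + ZONE):
            continue            # query is for some other zone
        if qtype.upper() == "AXFR":
            if client not in ALLOWED_AXFR:
                axfr.add(client)  # flagged even when the transfer was refused
            continue
        names[client].add(qname)
        if rcode.upper() == "NXDOMAIN":
            missing[client].add(qname)
    brute = [c for c, seen in names.items()
             if len(seen) >= MIN_NAMES and len(missing[c]) / len(seen) >= MIN_NX_RATIO]
    return {"axfr_attempts": sorted(axfr), "bruteforce_suspects": sorted(brute)}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

In a zone with a wildcard record every guessed name resolves, so the NXDOMAIN ratio stays low and this heuristic will not fire; the AXFR check is unaffected.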