馃悋
CheatSheet
  • Inicio
  • Web Site
    • Subdomain
  • API
    • Recolecci贸n de Informacion
      • Directorios
      • OSINT
      • Enumeracion en Endpoints
    • Busqueda de Vulnerabilidades
      • Validaciones
      • Mal manejo de errores
      • Sesiones
      • IDOR
      • Ataques de Inyecci贸n
      • Exposici贸n de datos sensibles
      • Otras posibles vulnerabilidades
      • Rate Limit
      • Cors
      • Ataques de Cabeceras
      • Prototype Pollution
      • Ataque de deserializaci贸n
      • Ataques JWT
  • Mobile
    • PlayStore to APK
    • Bypass Ofuscacion Xamarin
    • Bypass Flutter
  • Miscelanio
    • SSH
    • Docker
    • DNS
    • Silver Ticket
    • LDAP
    • Shell Command Files (SCF)
    • SPOOLER
    • JuicyPotato
    • TOMCAT
    • Proc Enum
    • Primitives
    • Archivos .crash
    • Nginx
    • FTP
    • Pivoting
    • Web API to Postman
    • Web Sockets
    • OTP
    • FastInfoset
  • Post Explotaci贸n
    • Dump HTTP Credentials
  • Configuraciones Burpsuite
    • BurpCollaborator Server Privado
Powered by GitBook
On this page
  • Subdomain Enumeration
  • WayBackUrls
  • Crt.sh
  • Sublist3r
  • Subfinder
  • Amass
  • Wordlist
  1. Web Site

Subdomain

Subdomain Enumeration

Enumeracion de subdominios mediante diferentes metodos

WayBackUrls

echo 'domain.com' | waybackurls | cut -d '/' -f 3 | cut -d ':' -f 1 | sort -u > subdomains.txt

Crt.sh

LogoGitHub - az7rb/crt.sh: Crtsh Subdomain Enumeration | This bash script makes it easy to quickly save and parse the output from https://crt.sh website.GitHub
crt.sh -d domain.com

Sublist3r

LogoGitHub - aboul3la/Sublist3r: Fast subdomains enumeration tool for penetration testersGitHub
sublist3r -d domain.com

Subfinder

LogoGitHub - projectdiscovery/subfinder: Subfinder is a subdomain discovery tool that discovers valid subdomains for websites. Designed as a passive framework to be useful for bug bounties and safe for penetration testing.GitHub
subfinder -d domain.com -o subdomains

Amass

LogoGitHub - owasp-amass/amass: In-depth Attack Surface Mapping and Asset DiscoveryGitHub
amass enum -active -d domain.com -brute -w dns-Jhaddix.txt -o subdomains

Wordlist

LogoSecLists/Discovery/DNS/dns-Jhaddix.txt at master 路 danielmiessler/SecListsGitHub

Last updated 10 months ago