# Subdomain

## Subdomain Enumeration

Enumeracion de subdominios mediante diferentes metodos

### WayBackUrls

```bash
echo 'domain.com' | waybackurls | cut -d '/' -f 3 | cut -d ':' -f 1 | sort -u > subdomains.txt
```

### Crt.sh

{% embed url="<https://github.com/az7rb/crt.sh>" %}

```
crt.sh -d domain.com
```

### Sublist3r

{% embed url="<https://github.com/aboul3la/Sublist3r>" %}

```
sublist3r -d domain.com
```

### Subfinder

{% embed url="<https://github.com/projectdiscovery/subfinder>" %}

```
subfinder -d domain.com -o subdomains
```

### Amass

{% embed url="<https://github.com/owasp-amass/amass>" %}

<pre data-overflow="wrap"><code><strong>amass enum -active -d domain.com -brute -w dns-Jhaddix.txt -o subdomains
</strong></code></pre>

### Wordlist

{% embed url="<https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/dns-Jhaddix.txt>" %}