Another great tool I recently came across is the subbrute tool. I know that dirb and dirbuster can help you enumerate the various paths for a URL/domain, but this tool lets you go the other way by discovering the subdomains.

To install the tool on Kali:
git clone https://github.com/TheRook/subbrute.git

Then to run it you only need to type:
python subbrute.py website.domain

This will find all the subdomains it can and from there you can launch the dirb/dirbuster tool against a discovered subdomain of interest.

Another nice tool is dnsrecon – one command example you can try:
dnsrecon -d website.domain -g
(use -h for help – but just to explain this command: the -d is for the domain and the -g is to include google in the recon)

Lastly you can make use of theHarvester for your subdomain enumeration requirements – it also allows you to specify the data source by using the -b flag:
theharvester -d website.domain -b google

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s