Subdomain Enumeration

IP Range Bulma

Bu site ile bir şirkete ait IP bloklarını listeleriz: https://bgp.he.net/

Subfinder

Pasif tarama yaparak subdomainleri listeler.

# FREE bevigil builtwith fofa securitytrails shodan zoomeye
mousepad ~/.config/subfinder/provider-config.yaml
subfinder -silent -all -dL domains.txt | anew subdomains.txt

DNS Bruteforce

shuffledns -d example.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -r resolver.txt -mode bruteforce

Live DNS

cat subdomains.txt | dnsx -silent | anew livesubdomains.txt

Live Subdomains

cat livesubdomains.txt | httpx -silent -sc -cl -title -server -td -cdn -fr -mc 200,302 | anew live.txt

Assetfinder

Bu tool verilen domainle bağlantı olabilecek diğer domain ve subdomainleri bulur.

assetfinder example.com

VHOST Enumeration

ffuf -u http://example.com/ -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt -H 'HOST: FUZZ.example.com' -fs 15949

Bug Bounty Target Toplama

# Hackerone
curl -sL https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/main/data/hackerone_data.json | jq -r '.[].targets.in_scope[] | [.asset_identifier, .asset_type] | @tsv' > hackerone.txt

# Bugcrowd
curl -sL https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/main/data/bugcrowd_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv' > bugcrowd.txt

# Intigriti
curl -sL https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/main/data/intigriti_data.json | jq -r '.[].targets.in_scope[] | [.endpoint, .type] | @tsv' > intigriti.txt

# YesWeHack
curl -sL https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/main/data/yeswehack_data.json | jq -r '.[].targets.in_scope[] | [.target, .type] | @tsv' > yeswehack.txt

PreviousPassive Information Gathering NextHost Discovery

Last updated 8 days ago