Network Information

MITRE ATT&CK, Reconnaissance, Technique T1590

DNS Information

Subdomain enumeration is the process of finding valid, resolvable subdomains for a company's domain(s). The more you can find, the more you can hack.

Google Dork

site:*.$domain -www

Dome

# Passive subdomain enumeration
dome.py -m passive -d $domain

# Active enumeration
dome.py -m active -d $domain

Sublist3r

# Passively enumerate subdomains
sublist3r.py -d $domain

# Enumerate subdomains and utilize the 'brute force' module
sublist3r.py -b -d $domain

DNSRecon

# Enumerate subdomains
dnsrecon -d $domain

# Enumerate subdomains and perform a zone transfer
dnsrecon -a -d $domain

Amass

# Enumerate subdomains (the enum subcommand; ASN and netblock lookups use 'amass intel')
amass enum -d $domain

Gobuster

# Actively enumerate subdomains
gobuster dns --domain $domain --wordlist $wordlist
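The brute-force tools above (Sublist3r -b, Gobuster dns) resolve every wordlist entry, and a zone with a wildcard record makes all of them "exist". This added Python example (not from the page or any of the listed tools) shows the wildcard check such tools need; it assumes a constructed example.com zone with TEST-NET-3 addresses so it runs offline, and swaps in system_resolve for a live inventory of your own domains.

```python
import secrets
import socket
from typing import Callable, Dict, Iterable, Optional, Set

Resolver = Callable[[str], Optional[str]]  # hostname -> IPv4, or None if unresolvable

def system_resolve(name: str) -> Optional[str]:
    """Resolve with the OS resolver; None on NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def wildcard_addresses(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Query random labels; any answer means the zone has a wildcard record."""
    answers: Set[str] = set()
    for _ in range(probes):
        ip = resolve(f"{secrets.token_hex(8)}.{domain}")
        if ip is not None:
            answers.add(ip)
    return answers

def enumerate_subdomains(domain: str, words: Iterable[str],
                         resolve: Resolver = system_resolve) -> Dict[str, str]:
    """Return {hostname: ip} for wordlist entries resolving to a non-wildcard address."""
    wildcard = wildcard_addresses(domain, resolve)
    found: Dict[str, str] = {}
    for word in words:
        host = f"{word.strip().lower()}.{domain}"
        ip = resolve(host)
        # Skip NXDOMAIN and anything identical to the wildcard answer: a real host
        # that shares the wildcard address cannot be told apart by its A record.
        if ip is None or ip in wildcard:
            continue
        found[host] = ip
    return found

# Constructed zone (example.com, TEST-NET-3 addresses) so the example runs offline.
FAKE_RECORDS = {"www.example.com": "203.0.113.10", "mail.example.com": "203.0.113.25",
                "dev.example.com": "203.0.113.99"}  # dev shares the wildcard address
FAKE_WILDCARD_IP = "203.0.113.99"

def fake_resolve(name: str) -> Optional[str]:
    """Stand-in resolver: fixed records plus a catch-all wildcard for example.com."""
    if name in FAKE_RECORDS:
        return FAKE_RECORDS[name]
    return FAKE_WILDCARD_IP if name.endswith(".example.com") else None

if __name__ == "__main__":
    print(enumerate_subdomains("example.com", ["www", "mail", "dev", "vpn"], fake_resolve))
```

Note that dev.example.com is dropped because its address equals the wildcard answer; distinguishing such hosts needs a second signal (CNAME, TLS certificate, HTTP response), which is why passive sources are run alongside brute force.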

IP Addresses

Hurricane Electric Internet Services

Hurricane Electric Internet Services is a fast way to identify which company owns which IP range.

SecurityTrails

SecurityTrails is another good site for verifying IP addresses and netblocks belonging to an organization.

NetBlockTool

NetblockTool can be used to gather IP ranges, points of contact, and even netblocks belonging to your target's subsidiaries.

Basic usage

python3 NetblockTool.py -v [COMPANY]

Extract ranges owned by the target company’s subsidiaries

python3 NetblockTool.py -v Company -s
