Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word 'elephants' in the name?

What’s the Active Enumeration Technique to find the answer for this question?:

Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word ‘elephants’ in the name?

I found the answer using Passive technique: Information gathering - web edition

But I want to know the proper Active Technique for this?
or is it just purely brute-forcing? and not from DNS enumeration?
I tried active tools to get the correct answer but I failed.
Anyone got a writeup?

Advanced thanks!

sublist3r is your friend for this task

1 Like

I tried it too, but what settings/parameters should I load into it?
I am using /SecLists/master/Discovery/DNS/namelist.txt but it doesnt contain the answer.

You only need the parameter -d
You can then search the output with grep.

■■■ it worked!
didn’t tried this super basic command without wordlists.
thanks!

Sometimes it’s the simple things that get overlooked. :wink:

1 Like