Perform active subdomain enumeration against the target Which subdomain has the word 'elephants' in the name?

What’s the Active Enumeration Technique to find the answer for this question?:

Perform active subdomain enumeration against the target Which subdomain has the word ‘elephants’ in the name?

I found the answer using Passive technique: Information gathering - web edition

But I want to know the proper Active Technique for this?
or is it just purely brute-forcing? and not from DNS enumeration?
I tried active tools to get the correct answer but I failed.
Anyone got a writeup?

Advanced thanks!

sublist3r is your friend for this task


I tried it too, but what settings/parameters should I load into it?
I am using /SecLists/master/Discovery/DNS/namelist.txt but it doesnt contain the answer.

You only need the parameter -d
You can then search the output with grep.

■■■ it worked!
didn’t tried this super basic command without wordlists.

Sometimes it’s the simple things that get overlooked. :wink:

1 Like

IM DOING THIS now but mine says triage I tried the things listed above and none worked

it doesn’t work, i’ve found just one sub. but with “NMMAPPER” we can resolve also the question

I’m having issues too with sublist3r.
I get an error after some times of running.


I have the same problem with sublist3r. But you can also use the site to look for the subdomains.


Dude You Are So cool
just took 10 sec to find :slight_smile: :smiling_face_with_tear:

Me too with sublist3r. I get subdomains back but not the ones the question is asking for.


But, your tips about is spot on. Thanks!

1 Like

Did anyone get the right result using sublist3r ?

I got the answer using but i want to know how to get answer using sublist3r ?

sublist3r -d did not work for me as shown above. sublist3r -d -b is taking way too long

Just try TheHarvester.

Thanks to the guy!
Dont waste your time with sublist3r… just Errors like:
[!] Error: Virustotal probably now is blocking our requests
[!] Error: Google probably now is blocking our requests
[~] Finished now the Google Enumeration …

For anyone that’s having issues with (for some reason I am getting the following error:

FATAL: terminating connection due to conflict with recovery
DETAIL: User query might have needed to see row versions that must be removed.
CONTEXT: PL/pgSQL function web_apis(text,text,text) line 4216 at FOR over EXECUTE statement
ERROR: server conn crashed?
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.


Try using
It took 2 seconds to run and then search for “trige”

This is something that opened my boxed mind.
Thank you!

I had been on this question for days, although mine was “triage”. Found your comment and I solved it immediately. Thank you!

I used subfinder with the command subfinder -d | grep triage and successfully found the subdomain