What’s the Active Enumeration Technique to find the answer for this question?:
Perform active subdomain enumeration against the target
githubapp.com. Which subdomain has the word ‘elephants’ in the name?
I found the answer using Passive technique:
Information gathering - web edition
But I want to know the proper Active Technique for this?
or is it just purely brute-forcing? and not from DNS enumeration?
I tried active tools to get the correct answer but I failed.
Anyone got a writeup?
sublist3r is your friend for this task
I tried it too, but what settings/parameters should I load into it?
I am using /SecLists/master/Discovery/DNS/namelist.txt but it doesnt contain the answer.
You only need the parameter -d
You can then search the output with grep.
■■■ it worked!
didn’t tried this super basic command without wordlists.
Sometimes it’s the simple things that get overlooked.
IM DOING THIS now but mine says triage I tried the things listed above and none worked
it doesn’t work, i’ve found just one sub. but with “NMMAPPER” we can resolve also the question
November 13, 2022, 11:52am
I’m having issues too with sublist3r.
I get an error after some times of running.
I have the same problem with sublist3r. But you can also use the site
https://crt.sh to look for the subdomains.
Dude You Are So cool
just took 10 sec to find
Me too with sublist3r. I get subdomains back but not the ones the question is asking for.
But, your tips about
https://crt.sh is spot on. Thanks!
Did anyone get the right result using sublist3r ?
I got the answer using crt.sh but i want to know how to get answer using sublist3r ?
githubapp.com did not work for me as shown above. sublist3r -d githubapp.com -b is taking way too long
Thanks to the crt.sh guy!
Dont waste your time with sublist3r… just Errors like:
[!] Error: Virustotal probably now is blocking our requests
[!] Error: Google probably now is blocking our requests
[~] Finished now the Google Enumeration …