What’s the Active Enumeration Technique to find the answer for this question?:
Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word ‘elephants’ in the name?
I found the answer using Passive technique: Information gathering - web edition
But I want to know the proper Active Technique for this?
or is it just purely brute-forcing? and not from DNS enumeration?
I tried active tools to get the correct answer but I failed.
Anyone got a writeup?
sublist3r is your friend for this task
I tried it too, but what settings/parameters should I load into it?
I am using /SecLists/master/Discovery/DNS/namelist.txt but it doesnt contain the answer.
You only need the parameter -d
You can then search the output with grep.
■■■ it worked!
didn’t tried this super basic command without wordlists.
Sometimes it’s the simple things that get overlooked.
IM DOING THIS now but mine says triage I tried the things listed above and none worked
it doesn’t work, i’ve found just one sub. but with “NMMAPPER” we can resolve also the question
I’m having issues too with sublist3r.
I get an error after some times of running.
I have the same problem with sublist3r. But you can also use the site https://crt.sh to look for the subdomains.
Dude You Are So cool
just took 10 sec to find
Me too with sublist3r. I get subdomains back but not the ones the question is asking for.
But, your tips about https://crt.sh is spot on. Thanks!
Did anyone get the right result using sublist3r ?
I got the answer using crt.sh but i want to know how to get answer using sublist3r ?
sublist3r -d githubapp.com did not work for me as shown above. sublist3r -d githubapp.com -b is taking way too long
Thanks to the crt.sh guy!
Dont waste your time with sublist3r… just Errors like:
[!] Error: Virustotal probably now is blocking our requests
[!] Error: Google probably now is blocking our requests
[~] Finished now the Google Enumeration …
For anyone that’s having issues with crt.sh (for some reason I am getting the following error:
FATAL: terminating connection due to conflict with recovery
DETAIL: User query might have needed to see row versions that must be removed.
CONTEXT: PL/pgSQL function web_apis(text,text,text) line 4216 at FOR over EXECUTE statement
ERROR: server conn crashed?
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
Try using https://rapiddns.io/
It took 2 seconds to run and then search for “trige”
This is something that opened my boxed mind.
I had been on this question for days, although mine was “triage”. Found your comment and I solved it immediately. Thank you!
I used subfinder with the command
subfinder -d githubapp.com | grep triage and successfully found the subdomain