Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word 'elephants' in the name?

What’s the Active Enumeration Technique to find the answer for this question?:

Perform active subdomain enumeration against the target githubapp.com. Which subdomain has the word ‘elephants’ in the name?

I found the answer using Passive technique: Information gathering - web edition

But I want to know the proper Active Technique for this?
or is it just purely brute-forcing? and not from DNS enumeration?
I tried active tools to get the correct answer but I failed.
Anyone got a writeup?

Advanced thanks!

sublist3r is your friend for this task

1 Like

I tried it too, but what settings/parameters should I load into it?
I am using /SecLists/master/Discovery/DNS/namelist.txt but it doesnt contain the answer.

You only need the parameter -d
You can then search the output with grep.

■■■ it worked!
didn’t tried this super basic command without wordlists.
thanks!

Sometimes it’s the simple things that get overlooked. :wink:

1 Like

IM DOING THIS now but mine says triage I tried the things listed above and none worked

it doesn’t work, i’ve found just one sub. but with “NMMAPPER” we can resolve also the question

I’m having issues too with sublist3r.
I get an error after some times of running.

4 Likes

I have the same problem with sublist3r. But you can also use the site https://crt.sh to look for the subdomains.

8 Likes

Dude You Are So cool
just took 10 sec to find :slight_smile: :smiling_face_with_tear:

Me too with sublist3r. I get subdomains back but not the ones the question is asking for.

image

But, your tips about https://crt.sh is spot on. Thanks!

1 Like

Did anyone get the right result using sublist3r ?

I got the answer using crt.sh but i want to know how to get answer using sublist3r ?

sublist3r -d githubapp.com did not work for me as shown above. sublist3r -d githubapp.com -b is taking way too long

Just try TheHarvester.

Thanks to the crt.sh guy!
Dont waste your time with sublist3r… just Errors like:
[!] Error: Virustotal probably now is blocking our requests
[!] Error: Google probably now is blocking our requests
[~] Finished now the Google Enumeration …