TLDRBins TLDRBins / Subdomain Enum

Usage Tips:

  • Click on a keyword to enable inline editing.
  • Click inside a code block to copy (excludes comments).
  • Use the button to view examples.
  • Click outside to collapse all examples.

Add Domain/Subdomain to '/etc/hosts'

echo "<TARGET_IP> <DOMAIN>" | sudo tee -a /etc/hosts

Sample Output:
TO-DO

Subdomain Enum

wfuzz -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -H "Host: FUZZ.<DOMAIN>" -u 'http://<DOMAIN>'

Sample Output:
TO-DO
# Take note of the word size, Ctrl+C to interrupt the process, then run again
wfuzz -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -H "Host: FUZZ.<DOMAIN>" -u 'http://<DOMAIN>' --hw <WORD>

Sample Output:
TO-DO

Filter Out Response with Header

wfuzz -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -H "Origin: http://FUZZ.<DOMAIN>" --filter "r.headers.response ~ '<HEADER>'" -u 'http://<DOMAIN>'

Sample Output:
# For example: Access-Control-Allow-Origin
wfuzz -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -H "Origin: http://FUZZ.<DOMAIN>" --filter "r.headers.response ~ 'Access-Control-Allow-Origin'" -u 'http://example.com'

gobuster vhost -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -u 'http://<DOMAIN>'

Sample Output:
TO-DO