What is Recon (Reconnaissance)?
Recon is the process of collecting as much information as possible about the target system in order to find ways to penetrate it. It is a main phase of web penetration testing.
Why subdomain enumeration is important?
Subdomain enumeration is the most important part of the recon phase. It helps you broaden the scope: it can reveal many subdomains that are in the scope of the security assessment, which gives you more targets to examine and increases your chance of finding bugs. As a penetration tester or a bug bounty hunter, you are often given a single domain when you start a security assessment. You'll have to carry out extensive recon to find interesting assets like servers, web applications and domains that belong to the target organisation, so that you can increase your chances of finding vulnerabilities.
So let's get started 😊
You need a PC or laptop; you can't do this in Termux.
Subfinder Installation:
As always, we'll use the apt-get install command:
- sudo apt-get install subfinder
You can then run the tool by just typing subfinder.
httpx Installation:
httpx is a wonderful tool: it makes subfinder's output easier to work with and allows more automation.
So let's install it.
First you need to install Go to use this tool.
- go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
Once the installation is finished, you can check all the features of each tool by executing the following commands.
- httpx -h
- subfinder -h
So let's start our work, beginning with the basics.
- subfinder -d vulnweb.com
This will enumerate the subdomains. To save them to a file, add the -o option:
- subfinder -d vulnweb.com -o output.txt
Now we'll check the HTTP status code of all the subdomains 😊
Here we'll use the httpx tool.
- cat output.txt | httpx -status-code
You can also pipe subfinder straight into httpx and print the page title as well:
- subfinder -d example.com | httpx -status-code -title
With httpx you can get the status code and much more; after this you can move on to tools such as ffuf.
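Since only subdomains inside the agreed scope should be probed, output.txt can be filtered against a scope list before it reaches httpx. The script below is an added example, not part of the original post or of either tool; the scope-file format, the function names and the sample hostnames are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: keep only in-scope hostnames from subfinder output.
# Scope file format (an assumption of this example, not a subfinder feature):
#   one lowercase rule per line, e.g. "vulnweb.com" or "*.vulnweb.com";
#   a leading "!" marks an exclusion, which always wins; "#" starts a comment.

in_scope() {  # usage: in_scope <scope-file> < hostnames
  scope_file=$1
  # Normalise: lowercase, drop CRs and a trailing root dot, de-duplicate.
  tr '[:upper:]' '[:lower:]' | tr -d '\r' | sed 's/\.$//' | sort -u |
  while IFS= read -r host; do
    [ -n "$host" ] || continue
    verdict=out
    while IFS= read -r rule; do
      case $rule in
        ''|'#'*) continue ;;                       # blank line or comment
        '!'*) pat=${rule#?}                        # exclusion rule
              case $host in $pat) verdict=deny; break ;; esac ;;
        *)    case $host in $rule) verdict=in ;; esac ;;
      esac
    done < "$scope_file"
    if [ "$verdict" = in ]; then printf '%s\n' "$host"; fi
  done
}

# Constructed sample data (hostnames and scope rules are made up for the demo).
demo_in_scope() {
  tmp=$(mktemp -d)
  printf '%s\n' '# constructed scope list' '*.vulnweb.com' 'vulnweb.com' \
    '!old.vulnweb.com' > "$tmp/scope.txt"
  printf '%s\n' 'app.vulnweb.com' 'APP.vulnweb.com.' 'old.vulnweb.com' \
    'vulnweb.com' 'vulnweb.com.evil.test' 'notvulnweb.com' > "$tmp/output.txt"
  in_scope "$tmp/scope.txt" < "$tmp/output.txt"
  rm -rf "$tmp"
}

demo_in_scope
# Real use, with the files from this page:
#   in_scope scope.txt < output.txt | httpx -status-code
```

Look-alike names such as vulnweb.com.evil.test and notvulnweb.com are dropped because the rules match on the whole hostname, not on a substring.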