1. DNS/hijacking/SubdomainTakeover/Enumeration
The Art of Subdomain Enumeration
https://blog.sweepatic.com/art-of-subdomain-enumeration/
サブドメインを見つける手段の解説
もっと便利な道具もある。:-< (Domain Historyの中)
-- ToshinoriMaeno 2019-04-23 14:51:12
http://10degres.net/subdomain-enumeration/ (手法、ツール)
https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6
https://twitter.com/CreedHackers/status/1067449832946745344
Oneliner Subdomain Enumeration using #Wayback 〰️🔙 curl -s "http://web.archive.org/cdx/search/cdx?url=*.qmail.jp/*&output=text&fl=original&collapse=urlkey" |sort| sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' | uniq
Stop Using Python for Subdomain Enumeration April 20, 2019 by Alex Flores https://sec.alexflor.es/post/subdomain_enum/
https://twitter.com/nemessisc/status/1119329883824508933
Interesting for subdomain enumeration I like to user sublist3r on Kali but seems there is a project aiming to be the predecessor with a tool written in Go with very similar command line options: 5:00 - 2019年4月20日
https://github.com/subfinder/subfinder
https://github.com/danielmiessler/SecLists
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. https://www.owasp.org/index.php/OWASP…
github tools related to subdomain enumeration like
domained lazyrecon autorecon osmedus
Subbrute, Fernmelder, Amass
https://securityonline.info/amass-subdomain-enumeration/
- amass v2.9.9 releases: In-depth subdomain enumeration written in Go
massdns + subbrute