Subdomain enumeration is the most important part of pentesting a web app. Most of the time we get a lot of subdomains, but most of them aren't live anymore, so it is better to remove them from your target.txt or subdomains.txt if you perform mass scanning with nmap or pass your target.txt to any other tool.
So let's get started.
Let's assume you are pentesting mytarget.com. When you searched for subdomains you got more than 1000 of them, and you saved them into subdomains.txt.
Now download the massdns tool. For that, go to the terminal and type:
$ git clone https://github.com/blechschmidt/massdns.git
Now I have both the tool and the subdomains file in the same folder. Go to the terminal and type:
$./massdns/bin/massdns -r massdns/lists/resolvers.txt -t A -o S subdomains.txt -w livehosts.txt
Now you have a livehosts.txt file that contains only the live hosts/subdomains, but each line also carries the record type and the answer. You want only the subdomains, not the rest of the text on each line.
For that, open the terminal and type:
$ sed 's/A.*//' livehosts.txt | sed 's/CN.*//' | sed 's/\..$//' > live_subdomains.txt
sed 's/A.*//' livehosts.txt removes the A and everything after it
sed 's/CN.*//' removes the CN and everything after it
sed 's/\..$//' removes the . at the end of the domain, along with the space left after it
live_subdomains.txt will then contain only the subdomains.
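An added example, not part of the original post: the same extraction done on fields instead of letters, so a name such as API.mytarget.com is not cut at its first uppercase A. It also keeps only names under the domain you pass in, so CNAME targets on other domains do not end up in the scan list. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Extract unique in-scope hostnames from massdns simple output (-o S).
# Each answer line has the form: "<name>. <TYPE> <data>"
#
# Usage: live_names DOMAIN [FILE]     (reads stdin when FILE is omitted)
#   live_names mytarget.com livehosts.txt > live_subdomains.txt
live_names() {
    awk -v dom="$1" '
        BEGIN { dom = tolower(dom); d = length(dom) }
        # Keep only lines whose record-type field is exactly A or CNAME.
        NF >= 3 && ($2 == "A" || $2 == "CNAME") {
            name = tolower($1)       # DNS names are case-insensitive
            sub(/\.$/, "", name)     # drop the trailing root dot
            n = length(name)
            # In scope: the domain itself or a name ending in ".<domain>".
            if (name == dom || (n > d && substr(name, n - d) == "." dom))
                print name
        }
    ' "${2:--}" | LC_ALL=C sort -u
}

# Constructed sample of massdns -o S output (documentation addresses only).
sample_massdns_output() {
    cat <<'EOF'
www.mytarget.com. A 192.0.2.10
www.mytarget.com. A 192.0.2.11
API.mytarget.com. A 192.0.2.20
cdn.mytarget.com. CNAME edge.example.net.
edge.example.net. A 198.51.100.7
ACCOUNTS.mytarget.com. CNAME login.mytarget.com.
notmytarget.com. A 203.0.113.5
EOF
}
```

Running the original sed pipeline over the same sample turns the API and ACCOUNTS lines into empty lines, because the first uppercase A is the first character of the name.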
That's it!
Thank you!
I haven't heard a lot about amass, but I did integrate over 6 tools at https://www.nmmapper.com/sys/tools/subdomainfinder/. Sublist3r is among the six, which also include amass and nmap's dns-brute.
Thank you it helped me a lot.
Thanks a lot.
This was really helpful.
Add sort -u at the end to sort results and remove duplicates
sed 's/A.*//' livehosts.txt | sed 's/CN.*//' | sed 's/\..$//' | sort -u > live_subdomains.txt