Using massdns to filter live hosts/Subdomains from the list of hosts/subdomains

Well subdomains enumeration is the most important part of pentesting web app. But most of the time we get alot of subdomains . But most of them aren't live anymore so it would be better to remove them from your target.txt or subdomains.txt if you perform the mass scanning with nmap or you are passing your target.txt to any tool.

So lets get started

Lets Assume you are pentesting mytarget.com. And when you searched for subdomains you got like more than 1000 subdomains and you save them into subdomains.txt


Now download the massdns tool. For that go to terminal and type

$git clone https://github.com/blechschmidt/massdns.git

Now i have both the tools and the subdomains on the same folder. Go to terminal and type

$./massdns/bin/massdns -r massdns/lists/resolvers.txt -t A -o S subdomains.txt -w livehosts.txt

Now you have livehosts.txt file with only live hosts/subdomains but you have to get only the subdomains not the whole bunch of text inside it


for that open terminal and type

$ sed 's/A.*//' livehosts.txt | sed 's/CN.*//' | sed 's/\..$//' > live_subdomains.txt

's/A.*//' livehosts.txt                           Removes everything after A
sed 's/CN.*//'                                  Removes everything after CN
sed 's/\..$//'                                  Removes . at the end of domains

and live subdomains.txt will be only subdomains

Thats it !


Thank you !