-1

It is possible to scan subdomains of network without brute-force attack?

If yes, how it works?

I tried to scan the network with some penetrating tools and it returned to me subdomain which doesn't have link on the main domain. But it didn't see the others subdomains which I know there are.

Do these penetrating tools also work on brute-force attack (like subdomain scanner)?

Thanks!

John Doe
  • 1
  • 1
  • Have you tried community.riskiq.com? It lists all domains associated and subdomains of the site in question. I'm not sure what you mean by brute-force attack but the site I mentioned should grab every subdomain. – Crumblez Apr 17 '19 at 17:35
  • I mean trying subdomain until I get some subdomain. On your website I cannot find subdomain which has been finded by Censys (penetrating tool). – John Doe Apr 17 '19 at 17:43
  • The duplicate question includes brute force methods but it also includes other methids. – schroeder Apr 17 '19 at 18:36

1 Answers1

0

Are you looking for something like Sublist3r (https://github.com/aboul3la/Sublist3r) ?

Quoting from it's description since I can't explain it better :

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.

EQT_STRIKE
  • 53
  • 4