Recon - Subdomain Enumeration Playground

Learning Path
Offensive Security
Ideal for
Security Architect
Security Engineer
Cloud Labs

Reconnaissance or information gathering is one of the least ‘glamorous’ parts of a hacker’s playbook, but in many ways is the most important. Subdomain enumeration—identifying all the subdomains of a given domain—is a way for attackers to find potential targets to exploit or misconfigured DNS entries.

This Playground is all about using various recon techniques to perform subdomain enumeration. We start by looking at passive enumeration, where attackers make use of publicly available data and query DNS records. Next, you’ll learn active subdomain enumeration, where you’ll be sending requests and directly interacting with the web application.

Using a host of permutations, we’ll be learning all these techniques using hands-on labs. This being a Playground, you’ll have a sandbox-style environment where you can play around with the code and freely attempt exploits of your own on the network.

You might also like these courses

Or explore these Learning Paths


Passive Subdomain Enumeration

Active Subdomain Enumeration

Active Subdomain Enumeration With Permutations