Reconnaissance, or information gathering, is one of the least ‘glamorous’ parts of a hacker’s playbook, but in many ways it is the most important. Subdomain enumeration (identifying all the subdomains of a given domain) is a way for attackers to find misconfigured DNS entries or potential targets to exploit.
This Playground is all about using various recon techniques to perform subdomain enumeration. We start by looking at passive enumeration, where attackers make use of publicly available data and query DNS records. Next, you’ll learn active subdomain enumeration, where you’ll be sending requests and directly interacting with the web application.
Using a host of permutations, we’ll learn all these techniques through hands-on labs. This being a Playground, you’ll have a sandbox-style environment where you can play around with the code and freely attempt exploits of your own on the network.
Passive Subdomain Enumeration
Active Subdomain Enumeration
Active Subdomain Enumeration With Permutations