Labs

Passive Subdomain Enumeration

Active Subdomain Enumeration

Active Subdomain Enumeration With Permutations

Course Content

Playgrounds are sandbox-style lab environments where you need to attack and defend a target application from each vulnerability. Our learn-by-doing approach ensures concepts are retained.

Reconnaissance or information gathering is one of the least ‘glamorous’ parts of a hacker’s playbook, but in many ways is the most important. Subdomain enumeration—identifying all the subdomains of a given domain—is a way for attackers to find potential targets to exploit or misconfigured DNS entries.

This Playground is all about using various recon techniques to perform subdomain enumeration. We start by looking at passive enumeration, where attackers make use of publicly available data and query DNS records. Next, you’ll learn active subdomain enumeration, where you’ll be sending requests and directly interacting with the web application.

Using a host of permutations, we’ll be learning all these techniques using hands-on labs. This being a Playground, you’ll have a sandbox-style environment where you can play around with the code and freely attempt exploits of your own on the network.

Intermediate

2
Hours
1
Lessons
3
Cloud Labs
learning path:
Offensive Security

Recon - Subdomain Enumeration Playground

Ideal for
Security Architect
Security Engineer
Get Started

You might also like these courses

Or explore these Learning Paths

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
Copyright AppSecEngineer © 2025