Closed theMiddleBlue closed 7 years ago
Hi!
I've just tried it and it seems very powerful! I usually check a domain name on virustotal.com/domain information as an integration of a subdomains enumeration activity (my little bash script: theMiddleBlue/DNSenum).
I'm not sure if virustotal accepts this... but usually, I get a list of subdomains from https://www.virustotal.com/it/domain/${DOMAIN_NAME}/information/ with something like this:
curl -s \ -c vtcookie.txt \ -b vtcookie.txt \ -A "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" \ "https://www.virustotal.com/en-gb/domain/example.com/information/" curl -s \ -c vtcookie.txt \ -b vtcookie.txt \ -A "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36" \ "https://www.virustotal.com/en-gb/domain/example.com/information/" | egrep "\<a target\=.\_blank. href\=..en\-gb.domain" | awk 'BEGIN{FS="/"}{print $4}'
the output is:
ns1.example.com fake6.example.com fake5.example.com fake4.example.com fake3.example.com fake2.example.com fake1.example.com fake7.example.com mail2.example.com www.example.com
Hope this can be useful 😄
Subdomain enumeration is already implemented and it works quite well, but thanks for your feedback.
Hi!
I've just tried it and it seems very powerful! I usually check a domain name on virustotal.com/domain information as an integration of a subdomains enumeration activity (my little bash script: theMiddleBlue/DNSenum).
I'm not sure if virustotal accepts this... but usually, I get a list of subdomains from https://www.virustotal.com/it/domain/${DOMAIN_NAME}/information/ with something like this:
the output is:
Hope this can be useful 😄