Subdomain Scan
Training Overview
The "Subdomain Scan" training focuses on techniques for discovering subdomains, which play a significant role in assessing the security of a website. The training begins with an explanation of subdomains, virtual hosts (vhosts), and wordlists, emphasizing their place and importance in cybersecurity. Participants will learn passive and active subdomain enumeration techniques that can uncover potential vulnerabilities and hidden services of a target. Passive subdomain detection involves collecting subdomains of the target from existing databases and archives, highlighting the importance of gathering maximum information with minimal interaction.
The training then moves on to subdomain and vhost fuzzing techniques using the ffuf (Fast web fuzzer) tool, as well as more active scanning methods performed with Gobuster's dns and vhost modes. These sections allow the user to analyze the target's infrastructure in more detail and potentially discover overlooked vulnerabilities or services.
What You Will Learn
- The difference between passive and active subdomain enumeration.
- How to use ffuf for both subdomain and VHOST fuzzing.
- How to use Gobuster's DNS and VHOST modes for discovery.
- How to leverage public data sources for passive discovery.
Who is this for?
- Penetration Testers and Bug Bounty Hunters.
- Red Teamers mapping an organization's attack surface.
- System Administrators trying to inventory their public-facing assets.
Prerequisites
- A basic understanding of DNS and how domain names work.
- Comfort with using command-line tools.
Tools You Will Use
- ffuf
- Gobuster
- Subfinder
- Amass
Training Sections
- Introduction
- Pasif Subdomain Enumeration
- Ffuf - Subdomain Fuzzing
- Ffuf - Vhost Fuzzing
- Gobuster - DNS Mode
- Gobuster - Vhost Mode
- Exam