WebApp Pentesting: Subdomain Enumeration with NMAP







Hi there,
I was very busy over the past few days, but I am back with my new series on the most common web application vulnerabilities. In the last post we talked about what Cross-Site Scripting is, its types, and how to exploit it for full system access.
In this post we will talk about subdomain enumeration. As a security researcher, it is essential to know all the subdomains of a site so that you can fully check every subdomain for flaws. But there are very few tools for finding all the subdomains of a website.
So I will now explain how you can find all the subdomains of a website with a simple Nmap script.

Nmap is a fantastic information-gathering tool that can be used for various purposes.

Now, how do you enumerate all the subdomains of a site using Nmap?

Nmap has a script for subdomain enumeration that you can use to get all the subdomains of a site. The script is called dns-brute, so let's take a look at how to use it.
In this example I am using the Nmap GUI.



1. Open Nmap in the GUI, or use any Linux distribution that has Nmap installed, and simply type this command:
nmap --script dns-brute site_name





2. Press Enter and it will start enumerating all the subdomains for you. It will take some time, and after that the results will be shown like this:
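For a domain you are responsible for, the useful next step is to compare what dns-brute found against the hosts you already know about. The script below is an added example, not part of the original post: it parses dns-brute output and lists names missing from an inventory file. The sample output is constructed, and the inventory file (one hostname per line) is an assumption of the example.

```shell
#!/usr/bin/env bash
# Constructed sample in the layout dns-brute prints (documentation-range values).
sample_output() {
cat <<'EOF'
Nmap scan report for example.com (192.0.2.1)
Host is up.

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     www.example.com - 192.0.2.10
|     mail.example.com - 192.0.2.20
|     dev.example.com - 192.0.2.30
|     dev.example.com - 2001:db8::30
|_    vpn.example.com - 192.0.2.40
EOF
}

# Read Nmap output on stdin; print one "hostname address" pair per line.
parse_dns_brute() {
  awk '
    /dns-brute:/ { in_block = 1; next }        # start of the script section
    in_block && /^\|/ {
      line = $0
      last = (line ~ /^\|_/)                   # "|_" marks the final row
      sub(/^\|_?[ \t]*/, "", line)             # drop the table border
      if (split(line, f, " - ") == 2) print tolower(f[1]), f[2]
      if (last) in_block = 0
      next
    }
    { in_block = 0 }
  '
}

# Print discovered names missing from an inventory file (one hostname per line).
unlisted_hosts() {
  parse_dns_brute | awk '{ print $1 }' | sort -u |
    grep -i -v -x -F -f "$1" || true           # grep exits 1 when nothing is left
}

# Real use (site_name and inventory.txt are placeholders):
#   nmap --script dns-brute site_name | unlisted_hosts inventory.txt
# Demo: against an empty inventory every name in the sample is reported.
sample_output | unlisted_hosts /dev/null
```

Names that show up here but are not in your inventory are the ones to review first, since unmanaged hosts tend to miss patching and monitoring.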




So here you learnt how to enumerate subdomains using Nmap with a simple Nmap script.

More posts coming soon 

stay tuned


Thanks 
Jitendra Singh(Team Computer Korner)
