Bug Bounty Hunting | Reconnaissance | Subdomain Enumeration

Ankeet Saha
4 min read · Jan 2, 2024

Hola Hunters, today I will be sharing a simple yet effective way to go about your bug hunting ventures and gather lots of useful assets to hack on. This post focuses on subdomain enumeration.

What is a Subdomain?

So, before diving into subdomain enumeration, let’s briefly talk about what exactly subdomains are. The illustration below should help make this clearer.

Pieces of a URL

As you can see here, the subdomain is what goes between the protocol and the domain name. For example, in

https://mail.google.com

the protocol is https, the subdomain is “mail” and the domain is google.com.
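The same split in code, as an added example that is not part of the original post. It goes slightly beyond the google.com case by handling nested subdomains and multi-label suffixes such as co.uk, which matters when checking whether a host belongs to an in-scope domain. The names `split_url` and `SAMPLE_SUFFIXES` are hypothetical, and the suffix set is a constructed sample rather than the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed sample of public suffixes (assumption for this example).
# A real tool would load the full Public Suffix List from publicsuffix.org.
SAMPLE_SUFFIXES = {"com", "org", "net", "io", "uk", "co.uk"}


def split_url(url, suffixes=SAMPLE_SUFFIXES):
    """Return (protocol, subdomain, domain) for a URL.

    'domain' is the registrable domain: the longest matching public
    suffix plus one label to its left. Everything further left is the
    subdomain, which may hold several labels or be empty.
    """
    parts = urlsplit(url)
    # .hostname drops the port and userinfo and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no hostname in {url!r} (missing protocol?)")

    labels = host.split(".")
    # Scanning from the left tries the longest candidate suffix first,
    # so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                raise ValueError(f"{host!r} is itself a public suffix")
            domain = ".".join(labels[i - 1:])
            subdomain = ".".join(labels[:i - 1])
            return parts.scheme, subdomain, domain
    raise ValueError(f"no known public suffix in {host!r}")


if __name__ == "__main__":
    for sample in (
        "https://mail.google.com",           # the post's example
        "https://mail.google.co.uk/inbox",   # multi-label suffix
        "https://a.b.example.org:8443/",     # nested subdomain, port
        "https://google.com",                # no subdomain at all
    ):
        print(sample, "->", split_url(sample))
```
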

Alright, now that we have a basic understanding of what a subdomain is, let us move to the fun part, i.e., subdomain enumeration.

Tools Used

First, let’s have a look at the tools we will be using for this purpose:

  1. amass
  2. subfinder
  3. httpx
