All Rooms
Subdomain Enumeration
easy30 mintryhackme
Learn three methods of subdomain enumeration: OSINT (SSL/TLS certificate transparency logs, Google dorking), DNS brute force (dnsrecon, Sublist3r), and virtual host discovery (ffuf with Host header fuzzing). You'll discover hidden subdomains on the Acme IT Support domain that expand the attack surface for further testing.
Skills You Will Learn
subdomain-enumerationdns-bruteforceosintcertificate-transparencyvirtual-host-discoveryffuf
Prerequisites
- thm-contentdiscovery
- content-discovery
Walkthrough Phases
1
Introduction to Subdomain Enumeration
Understand why subdomain enumeration matters and the three main methods
2
OSINT Techniques
Discover subdomains using passive, public data sources
3
DNS Brute Force
Actively brute-force subdomains using wordlists
4
Virtual Host Discovery
Find subdomains via HTTP Host header fuzzing
9 questions to answer
alienrecon start thm-subdomainenumerationDon't have AlienRecon? Get started here