Main Topics
The reconnaissance phase is the introductory phase of penetration testing, and this article covers it using the Subfinder and Dirsearch tools. To do that, I need to explain what these two tools are.
1. Subfinder
Subfinder is a reconnaissance tool. It is a subdomain enumerator that finds the subdomains of the main domain of the target we are testing.
┌──(infosec㉿infosec)-[~]
└─$ subfinder -d mytarget.com -o report.txt
[INF] Detected old /home/infosec/.config/subfinder/config.yaml config file, trying to migrate providers to /home/infosec/.config/subfinder/provider-config.yaml
[INF] Migration successful from /home/infosec/.config/subfinder/config.yaml to /home/infosec/.config/subfinder/provider-config.yaml.
__ _____ __
_______ __/ /_ / __(_)___ ____/ /__ _____
/ ___/ / / / __ \/ /_/ / __ \/ __ / _ \/ ___/
(__ ) /_/ / /_/ / __/ / / / / /_/ / __/ /
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/
projectdiscovery.io
[INF] Current subfinder version v2.6.0 (outdated)
[INF] Loading provider config from /home/infosec/.config/subfinder/provider-config.yaml
[INF] Enumerating subdomains for mytarget.com
For privacy reasons I did not include the target domain that I tried, so I use mytarget.com here to stand in for the main target domain. The results list the subdomains that the main target domain has, so with this tool we can see how many subdomains there are.
The command that I typed includes the -o report.txt parameter. Here -o sets the output file, so the results are saved to report.txt. This makes it easier to build a scanning report for analysis at a later date.
However, after scanning with the command subfinder -d mytarget.com -o report.txt, Subfinder lists every subdomain it finds without telling us whether each subdomain is active or not. For that reason, in the next article I will write about how to use a tool to select which subdomains are active and inactive. The tool is called httpx.
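One way to tidy report.txt before analysis, as an added example that is not part of the original article or of Subfinder itself. It assumes the file holds one hostname per line; the function names and the sample lines are constructed for illustration.

```python
import re

# One DNS label per RFC 1123: letters, digits, hyphens, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def is_valid_hostname(host):
    """True if host is a syntactically valid hostname (length and label rules)."""
    if not host or len(host) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in host.split("."))

def triage_report(lines, root):
    """Sort raw report lines into (in_scope, out_of_scope, malformed)."""
    root = root.strip().lower().strip(".")
    in_scope, out_of_scope, malformed = set(), set(), []
    for raw in lines:
        host = raw.strip().lower().rstrip(".")   # drop CR/LF, case, trailing dot
        if not host:
            continue
        if host.startswith("*."):                # wildcard entry: keep its parent
            host = host[2:]
        if not is_valid_hostname(host):
            malformed.append(raw.strip())        # keep original text for review
        elif host == root or host.endswith("." + root):
            in_scope.add(host)                   # exact root or a true subdomain
        else:
            out_of_scope.add(host)               # e.g. look-alike suffixes
    return sorted(in_scope), sorted(out_of_scope), malformed

# Constructed sample standing in for the contents of report.txt.
SAMPLE_REPORT = [
    "www.mytarget.com",
    "API.mytarget.com",
    "api.mytarget.com.",
    "*.dev.mytarget.com",
    "",
    "mail.mytarget.com\r",
    "notmytarget.com",
    "cdn.mytarget.com.evil-cdn.example",
    "bad_host.mytarget.com",
]

if __name__ == "__main__":
    ok, outside, bad = triage_report(SAMPLE_REPORT, "mytarget.com")
    print(f"{len(ok)} in scope:", *ok, sep="\n  ")
    print(f"{len(outside)} out of scope:", *outside, sep="\n  ")
    print(f"{len(bad)} malformed:", *bad, sep="\n  ")
```

Hosts that land in the out-of-scope list do not belong to the engagement's domain and should be left out of any later testing.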
2. Dirsearch, a tool for scanning directories on a target website
This tool makes it easier to find directories and files, sensitive or not, on a target that we are testing for weaknesses. Besides being open source, it is easy to understand and use, even for a beginner. If a target is very vulnerable, we can get sensitive files from the system.
Dirsearch gives clear information about a target website: it shows the directories that the scan found, along with the response code for each, which we can use to decide the next step.
These two tools are a small example of the reconnaissance process in ethical hacking. I hope that anyone who learns them will go on to study them in more depth, because they have many more functions and commands than are shown here.