
Normal fuzzing

Fuzzing with the usual fuzzing tools

  • For this to work, add the base domain (e.g. apple.htb) to /etc/hosts and point it at the target's IP

    • wfuzz -H 'Host: FUZZ.domain' -u 'domain' -w /usr/share/seclists/Discovery/DNS/combined_subdomains.txt -f subdomains.txt

      • Note the value that repeats in the Word column (the default response served for subdomains that do not exist) and rerun the command with the option --hw num_of_words added to hide those responses
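
The word-count step above, as an added example that is not part of the original page: it reads result rows in wfuzz's default column layout, picks the word count shared by a majority of responses as the value for --hw, and lists the rows that would remain visible. The sample rows and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed rows in wfuzz's default result layout (not output from a real scan).
SAMPLE = """\
000000001:   200        9 L      25 W       317 Ch      "www"
000000002:   200        9 L      25 W       317 Ch      "mail"
000000003:   200        9 L      25 W       317 Ch      "ftp"
000000004:   200        42 L     118 W      2011 Ch     "dev"
000000005:   200        9 L      25 W       317 Ch      "admin"
000000006:   302        0 L      0 W        0 Ch        "portal"
"""

# ID, status code, lines, words, chars, quoted payload.
ROW = re.compile(r'^\d+:\s+(\d{3})\s+\d+ L\s+(\d+) W\s+\d+ Ch\s+"(.*)"$')

def parse_rows(text):
    """Return (payload, status, words) for every result row; skip banners."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(3), int(m.group(1)), int(m.group(2))))
    return rows

def baseline_words(rows):
    """Word count shared by a majority of responses, or None if there is none."""
    if not rows:
        return None
    words, hits = Counter(w for _, _, w in rows).most_common(1)[0]
    return words if hits > len(rows) / 2 else None

def outliers(rows, baseline):
    """Rows whose word count differs from the baseline: the ones --hw leaves visible."""
    return [r for r in rows if r[2] != baseline]

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    base = baseline_words(rows)
    if base is None:
        print("no dominant word count; --hw alone will not filter cleanly")
    else:
        print(f"rerun with: --hw {base}")
        for payload, status, words in outliers(rows, base):
            print(f"{payload:10} status={status} words={words}")
```

When no single word count covers a majority of responses, the function returns None, which signals that the default response varies per request and a word-count filter alone will not separate real virtual hosts from noise.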


Last updated 2 years ago
