Finding all sub-domains of a target domain helps identify vulnerabilities and potential security breaches in a target organization. It is an essential step in the reconnaissance phase of a penetration test. Sub-domains can carry risks of their own. For example, if a sub-domain is exposed to the internet when it shouldn’t be, it could become an easy entry point for attackers.
Therefore, to ensure stable security for an organization and minimize its attack surface, it’s imperative to find all its sub-domains and check them for vulnerabilities.
There are different ways of finding sub-domains, including manual command-line search and online scanning tools. Manual search works well, but it is not always convenient. Thanks to modern sub-domain finders, it’s possible to explore the full domain infrastructure of any organization in the world in a matter of minutes.
Today, sub-domain scanning can be performed with the help of:
• Querying search engines, for example with Google hacking tools;
• Brute-force and recursive brute-forcing tools like Fierce, etc.;
• Terminal-based sub-domain scanners like Amass, Knock, etc.
Terminal-based tools are useful and accurate yet time-consuming. There are faster and more efficient tools for finding sub-domains. Here I’ll describe a new OSINT tool called Spyse. With a constantly updated database, Spyse lets you find all the data you need about the sub-domain(s) of a given domain in an instant. They store all the data in their database, so you don’t have to wait for the service to run hour-long scans. By querying Spyse, you fetch all sub-domains and detailed data on each of them quickly.
And last but not least, all the information you retrieve can be downloaded for further offline use.
Finding sub-domains is an essential component of a cyber-security investigation, and it’s vital to have all the necessary tools to get the required sub-domain data as accurately as possible. Without tools like this, you’d be stuck waiting for scans rather than doing important security work. Keeping a constant eye on sub-domains will drastically decrease the risk of security breaches.
Spyse brings the greatest practical utility to:
• Security Engineers: Spyse allows security engineers to look for vulnerabilities and identify gaps and possible weaknesses to prevent attacks.
• Pentesters: With Spyse, pentesters can check endpoints for vulnerabilities, including sub-domains in the development environment, technical domains open to the public, and much more.
• System Administrators: System admins can optimize and support their organization’s infrastructure, collect useful info, and improve the security team’s overall work speed and efficiency.
• Business Analysts: Spyse helps business analysts gain analytical information on any organization in the world. Business analysts can evaluate competitors, foresee changes and developments in their business, and get an insider look at new features before they’re launched.
It’s worth noting that, apart from finding sub-domains, there are many more things that you can do with Spyse:
• Find DNS records. They provide the latest and accurate data about DNS records.
• Get information about a digital certificate: issuer, serial number, key length, signature algorithm, expiration details, and SSL/TLS version.
• Find open ports and map the network perimeter.
• Parse any text or image for the IPs and domains inside it.
• Explore the Autonomous Systems and subnets of your company or any other company in the world.
It’s important to mention that Spyse is currently functioning in beta test mode. This approach allows them to collect users’ feedback to enhance their products and plan further developments.
Generally, companies pour a lot of money into making their root domain invulnerable and secure while neglecting the sub-domains. They might think that sub-domains will never be discovered, but there’s nothing you can hide from cybercriminals. You should take the safety and security of both the root domain and sub-domain(s) seriously if you want to prevent possible malicious actions. Tools like Spyse come in really handy for security investigations: they provide fast and accurate results, plus additional useful information to help you find issues and mitigate them.
By the way, the guys from Spyse are giving away three free credits to newly registered users, and one free credit every month. Sign up and give them a try.