Subdomain Enumeration — The Right way (Prerequisites)

What things do we need before performing a great enumeration?

  • API keys for passive DNS sources
  • 100% accurate open public DNS resolvers
  • A VPS (Virtual Private Server)

1. API keys for Passive DNS data 🔑

  1. Allow querying their datasets freely:
  • Good passive sources provide API keys for a limited period (7 days/20 days).
  • They provide a limited API query quota (50 per day/1000 per month).
  • Limited query results (2 pages of data).
[Figures: Without API Keys / With API Keys]

How much time does it take to sign up and obtain API keys?

  • In total, there are 19 services on which you can sign up and obtain API keys.
  • I have created a detailed Excel sheet listing which sources to sign up for, the validity of each API key, its query quota, rate limits, etc.
  • Depending on your consumption of API queries and the validity of the API keys, you need to keep making new accounts at regular intervals in order to get the maximum results.
API SERVICES LIST

2. 100% accurate open public DNS resolvers

git clone https://github.com/vortexau/dnsvalidator.git
cd dnsvalidator/
python3 setup.py install
dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 100 -o resolvers.txt
Dnsvalidator Tool

3. A VPS (Most Preferable)

apex

I try to analyze ransomware attacks | Static Code Analysis | Privacy & Security Updates | Pen Testing | Bug Bounty