top | item 45751383

(no title)

xraystyle | 4 months ago

What's this 'subs' command being run to enumerate subdomains?

discuss

bauruine|4 months ago

Not sure what it is but certificate transparency logs are a goldmine for this.

https://crt.sh/?q=liuxinyi1.cn

zenmac|4 months ago

Oh got this"

"CONTEXT: PL/pgSQL function web_apis(text,text[],text[]) line 4671 at FOR over EXECUTE statement ERROR: server conn crashed?"

May be pushing a bit too hard on their postgres-rest ?

xraystyle|4 months ago

That's interesting. Suppose it doesn't do you any good if you're looking for subdomains that don't have certs though.

jweather|4 months ago

Not familiar with that one, but two that come with Kali use search engines to locate subdomains. Your DNS server would have to be pretty misconfigured to allow zone transfers to the general public, which would be the only way to discover a truly "unlisted" subdomain.

gs17|4 months ago

I suspect it's a bespoke script. The first use outputs "[domain] -> [ip]", the second use outputs "[domain] [http code] [?] [size?] [title] [info]".

perrysmith|4 months ago

I was wondering the same thing. Ran to my Kali instance and tried it out lol

xraystyle|4 months ago

So is it a thing in security distros? Is there a github for it?