Active sub-domain enumeration techniques

What is active sub-domain enumeration?

  • Active sub-domain enumeration is where an attacker/tester gathers sub-domain information by probing the infrastructure managed by the target organization
  • Sometimes the target organization has delegated the maintenance of its infrastructure to a third party, and the attacker probes the infrastructure maintained by that third party, for example nameservers
  • The key characteristic of active enumeration is that it generates traffic that may lead to detection and can point to the attacker/tester

List of active sub-domain enumeration techniques

  1. Brute force/Dictionary enumeration
  2. Zone transfer
  3. Zone walking - DNSSEC
  4. DNS records
  5. HTTP headers

