34 M Wordlist Subdomain Brute-Force
Category: Attack Surface Management
You can set up this workflow by changing the following input value:
- ROOT DOMAIN - provide root domain, e.g. trickest.com, as a target
Execution and results
After setup, the workflow is ready to be executed. Once the workflow's last node, the recursively-cat-all script, has finished, the result can be viewed and downloaded.
Build this workflow in steps
Unzipping wordlist with unzip-to-out
First, we will download the zipped wordlist from https://localdomain.pw/subdomain-bruteforce-list/all.txt.zip, as it contains the most comprehensive and all-around wordlist.
Getting wordlist with cat-all-in
As the output from unzip-to-out is a folder with all of the files contained in the zip used as input, we will use cat-all-in to concatenate all of the files into one file. The output should be in out/output.txt, which is used by the file output port.
Create potential hostnames with mksub
Now that we have the wordlist, we can use mksub to merge the wordlist with our root domain.
With mksub, we have all of our potential hostnames, built from the root domain and the wordlist we unzipped previously. Time to resolve!
Resolve with puredns
It is time to resolve our potential hostnames. Puredns has two modes, and in this case, as we have already created the hostnames, we will use the resolve mode. Additionally, puredns uses two resolver file inputs to resolve all of the hostnames used as input. One of our projects, trickest/resolvers, is focused on that, so we can use its URLs as inputs for puredns; they will be downloaded and used at execution time.
Firstly, we will connect the wordlist from mksub and enable the
Second, we will add resolvers-trusted URLs from the repository.
Additionally, as we are in resolve mode, the domain parameter is unnecessary, so we can disable it through the right sidebar.
Get results with recursively-cat-all
Finally, we will use the recursively-cat-all script, which will cat all of the files into one recursively.
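The mksub and puredns steps above, sketched offline as an added example (this is not Trickest's code or either tool's implementation): candidate generation with label validation, then a two-pass resolve in which a trusted resolver must confirm each hit. The wordlist, the example.com zone and both lookup functions are constructed stand-ins, and using the trusted list to confirm answers from the larger list is an assumption about why two resolver files are supplied.

```python
import re

# Hostname label: 1-63 chars of a-z, 0-9 or hyphen, no leading/trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def make_candidates(words, root):
    """mksub-style step: join each wordlist entry with the root domain."""
    root = root.strip().strip(".").lower()
    seen, out = set(), []
    for raw in words:
        word = raw.strip().strip(".").lower()
        if not word or not all(LABEL.match(l) for l in word.split(".")):
            continue  # drop blank lines and entries that are not valid labels
        host = f"{word}.{root}"
        if len(host) <= 253 and host not in seen:  # 253 = max hostname length
            seen.add(host)
            out.append(host)
    return out

def resolve(candidates, bulk, trusted):
    """Keep a bulk-resolver hit only when the trusted resolver also answers."""
    confirmed = {}
    for host in candidates:
        if bulk(host) is None:
            continue  # no answer from the bulk pass: not a live name
        answer = trusted(host)
        if answer is not None:
            confirmed[host] = answer  # report the trusted answer, not the bulk one
    return confirmed

# Constructed sample data (assumption): tiny wordlist and in-memory "resolvers".
WORDS = ["www", "API", "dev.api", "-bad", "www", "", "vpn", "mail"]
ZONE = {
    "www.example.com": "192.0.2.10",
    "api.example.com": "192.0.2.20",
    "dev.api.example.com": "192.0.2.21",
}
# The bulk resolver returns a bogus answer for a name that does not exist.
BULK = {**ZONE, "vpn.example.com": "203.0.113.66"}

def run():
    cands = make_candidates(WORDS, "example.com")
    return cands, resolve(cands, BULK.get, ZONE.get)

if __name__ == "__main__":
    print(run())
```

The bogus vpn.example.com answer is dropped because the trusted lookup does not confirm it, which is why the quality of the trusted resolver list determines how clean the final output is.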
Try it out!
This workflow is available in the Library; you can copy it and execute it immediately!