Full Subdomain Enumeration
This workflow can help an organization identify all the subdomains within their domain and prioritize vulnerabilities within their environment, allowing them to focus their efforts on securing the most critical areas first.
This workflow uses different passive and active techniques to gather subdomains for a specified list of root domains.
Complexity: advanced
Category: Attack Surface Management
Workflow
Tools
Setup
You can set up this workflow by changing following input values:
- LIST OF DOMAINS - provide a file containing domains list, as a target
- SECURITY TRAILS API KEY - optionally provide a SecurityTrails API key
Build in steps
Visit our blog for a more thorough explanation of how to build this workflow:
- Full Subdomain Discovery Using Automated Trickest Workflow - Part 1
- Full Subdomain Brute Force Discovery Using Automated Trickest Workflow - Part 2
Execution and results
After setup workflow is ready to be executed. Once workflow's last node, all subs
script, is finished result can be viewed and downloaded.\
all subs
script will contain all of the resolved subdomains.
Try it out!
This workflow is available in the Library, you can copy it and execute it immediately!
Improve this workflow
- Add more wordlists
- Implement a mechanism to merge all of the previous results through scheduling and get-trickest-output