Cloudflare, Sucuri, etc.).Įspecially helpful for wide scope engagements, subdomain enumeration is crucial in the reconnaissance phase.
You can even use it to find out if any of the subdomains are sitting behind firewalls (e.g. Scan results also include helpful recon information such as IP address, WHOIS details, location (country), OS and server information, the technology running on the server, web platform, and page title.
This tool combines passive and active discovery methods to help you research the subdomains of your target domain for all types of security testing engagements.Įach scan delivers a list of subdomains that is validated, so you don’t have to waste time with old or invalid subdomains.