Subdomain Finder Online
Details
Stay Up To Date
Follow @secforeveryoneAsset Type
DOMAIN
Need Membership
No
Asset Verify
No
API Support
Yes
Estimate Time (Second)
300
Subdomain Finder Online Detail
Subdomains often address different sections of a website (blog, e-mail, admin panel or another application). Each subdomain could be a new attack vector for you.
What is a Subdomain?
Subdomains are created to organize and access different website sections such as the blog, e-mail, etc. You can create multiple subdomains linked with the main domain.
For example, if your domain name is securityforeveryone.com, you can open subdomains such as admin.securityforeveryone.com, mail.securityforeveryone.com, or premium.securityforeveryone.com.
Why is it important to find subdomains?
For attackers, detecting the subdomains means new attack vectors. You might have a secure application and you might be doing security tests and system consolidation regularly. But if there is a vulnerability in another application that pages a connection with your application and database, these are not important. You probably heard you are always as safe as your weakest link.
In some cases, subdomains might be less secure than the main domains. Especially, identification of domain names addressing your test systems (test, old, etc.), development environments (devel, preprod etc.) and other services (ftp, mail etc.) and analysing these subdomains from a security perspective is important.
Also, it is important to know this. When you use third-party services for subdomains, you might have different attack types such as subdomain takeover. You can check Security for Everyone’s Subdomain Takeover Vulnerability Tool.
How To Find Subdomains of a Domain Online?
You can use Security for Everyone's online and free subdomain finder tool on how to find all the subdomains of a domain. All you need to do is to type the domain name which you want to detect the subdomains.
Other Ways to Scan for Subdomains
You can run nmap --script dns-brute Target_Host command on nmap tool which can be installed to all operating systems.
Also, you can use the searchengine_subdomains_collector auxiliary module of “Metasploit Framework” to check the vulnerability.
Lastly, you can check it with open source tools such as “Sublist3r”, “aquatone”. For example, let’s use Sublist3r tool:
python sublist3r.py -d yourdomain.com
[-] Enumerating subdomains now for yourdomain.com
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
[-] Total Unique Subdomains Found: 3
admin.yourdomain.com
blog.yourdomain.com
devel.yourdomain.com
Some Advice for Common Problems
It is important to give some recommendations about the subdomains:
- Development environment, test environment, backup, and similar subdomains should be close to internet access if possible. If not, IP restriction should be present or access management should be present. And these systems should not be connected to the prod environment.
- Subdomains used for admin (admin, panel, etc.) should be protected with password for access and user name and password must not be used if any.
- If the subdomain is addressing an external service, it is important to make sure that this external service account is not canceled or expires against subdomain takeover vulnerability.
- Just like the main domains, subdomains should be included in the penetration test.
