1
00:00:01,420 --> 00:00:02,230
Hello, everyone.

2
00:00:03,220 --> 00:00:11,290
So when we are doing subdomain takeover, the first and the foremost important step that we have to do

3
00:00:11,290 --> 00:00:19,810
is a subdomain enumeration, and obviously when we are doing subdomain enumeration, we want two things

4
00:00:19,960 --> 00:00:21,970
that are very important for us.

5
00:00:22,390 --> 00:00:31,420
The first thing is a greater number of results, which contain a lot of subdomains of that specific target,

6
00:00:31,840 --> 00:00:38,720
because we do not want to miss any of the subdomains which may be vulnerable to subdomain takeover attacks.

7
00:00:39,250 --> 00:00:47,200
So the first thing that we want is the maximum number of results or subdomains in our output.

8
00:00:47,860 --> 00:00:49,780
Now, what is the second thing that we want?

9
00:00:50,380 --> 00:00:58,300
Second thing is the fastest subdomain resolvers, which basically means, in simple words, we

10
00:00:58,300 --> 00:01:06,040
want the maximum number of subdomains in output with the minimum amount spent, which is very important

11
00:01:06,130 --> 00:01:07,220
for every one of us.

12
00:01:07,660 --> 00:01:17,630
We just cannot sit there waiting for long hours, waiting to get the results of a subdomain enumeration.

13
00:01:17,650 --> 00:01:25,270
So what we need to do, I have already done the comparisons for the fastest subdomain resolvers

14
00:01:25,720 --> 00:01:34,060
that can help you in quickly processing the subdomain enumeration part so you can focus more on the

15
00:01:34,060 --> 00:01:37,790
subdomain takeovers of those particular targets.

16
00:01:39,130 --> 00:01:42,670
So let's quickly see how you can do this.

17
00:01:42,970 --> 00:01:51,280
So it is practical time, and let's see the fastest subdomain enumeration resolver or tool with better

18
00:01:51,280 --> 00:01:52,930
and accurate results.

19
00:01:56,110 --> 00:02:02,650
All right, so the first thing that we are going to see is the usual Sublist3r tool that everyone

20
00:02:02,650 --> 00:02:08,070
uses for identifying the subdomains or doing the subdomain enumeration.

21
00:02:08,350 --> 00:02:11,920
So I'm just going to hit enter and wait for this to complete.

22
00:02:12,190 --> 00:02:14,000
As you can see, it has successfully started.

23
00:02:14,260 --> 00:02:21,190
Let me also run one instance of Findomain and let's see what results we get.

24
00:02:21,670 --> 00:02:30,130
I'm just going to run Findomain and I'm going to type hyphen D, which stands for target, and I'm going

25
00:02:30,130 --> 00:02:32,740
to run this. As soon as I run this,

26
00:02:32,920 --> 00:02:34,600
it is going to give me the results.

27
00:02:35,050 --> 00:02:42,670
And you can see I have got the results in four seconds, which was very, very quick. Sublist3r has

28
00:02:42,670 --> 00:02:44,950
not even started before this.

29
00:02:44,950 --> 00:02:52,900
I got the results in simply three seconds and this time it took one more second to give me the results,

30
00:02:52,900 --> 00:02:55,240
which is very, very awesome.

31
00:02:56,110 --> 00:03:06,730
Now let's see if we get the subdomain that we want over here and let's see the results: do we get

32
00:03:06,790 --> 00:03:10,630
the subdomains that we want from this specific target.

33
00:03:11,740 --> 00:03:16,380
Let me just scroll the results and you can see here, which is perfect.

34
00:03:16,810 --> 00:03:24,040
We are able to see the subdomain that we wanted, which has been hosted recently, which is shifa

35
00:03:24,190 --> 00:03:27,880
.shopify.srsecure.xyz.

36
00:03:28,240 --> 00:03:35,350
And we have already taken over this subdomain, which was vulnerable to Shopify subdomain takeover.

37
00:03:36,040 --> 00:03:40,720
Now let's get back to our Sublist3r and see how much it has done until now.

38
00:03:41,740 --> 00:03:48,250
And again, see, it has also completed the subdomain enumeration part and it has identified the subdomains

39
00:03:48,250 --> 00:03:48,700
as well.

40
00:03:49,120 --> 00:03:56,830
And you can see it has also identified the subdomain that we want, which is shifa.shopify.srsecure

41
00:03:56,830 --> 00:04:02,080
but in the race of identifying subdomains,

42
00:04:02,080 --> 00:04:08,020
it has identified these subdomains by taking a lot of time.

43
00:04:08,050 --> 00:04:12,430
But the number of subdomains you can see are more than Findomain.

44
00:04:12,430 --> 00:04:19,990
As we can see, it only got 47 subdomains and here we have 57 subdomains.

45
00:04:21,460 --> 00:04:25,000
I believe that many of the subdomains are repeated over here.

46
00:04:25,000 --> 00:04:33,580
For example, the www is added again for each subdomain because of which the number of results that

47
00:04:33,580 --> 00:04:38,670
we have got has doubled over here, as you can see over here.

48
00:04:39,700 --> 00:04:46,960
And if you see the output for this, there are again www which have been added over here.

49
00:04:47,260 --> 00:04:53,490
But when I did the comparison for both, the number of URLs was exactly the same.

50
00:04:53,530 --> 00:05:03,430
So this produces a big count, but exactly those URLs which resolve and are running or live

51
00:05:03,700 --> 00:05:05,980
are exactly the same for both the tools.

52
00:05:06,610 --> 00:05:14,740
Now, if comparing the time, then the time, obviously, as we have seen, of Findomain is very,

53
00:05:14,740 --> 00:05:15,430
very good.

54
00:05:15,640 --> 00:05:22,300
In a mere four seconds, it was able to identify all of the subdomains.

55
00:05:22,510 --> 00:05:24,910
So we are saving our time on that.

56
00:05:25,900 --> 00:05:32,950
So I hope you guys understood this comparison video of identifying the subdomains for enumeration so

57
00:05:32,950 --> 00:05:36,160
that you can use this later on for your target.

58
00:05:36,940 --> 00:05:41,710
Now, before closing this video, let me show you one more thing as well.

59
00:05:42,100 --> 00:05:46,530
Now, if you want to save the results of Findomain, you can save that as well.

60
00:05:47,110 --> 00:05:52,080
You can use this particular symbol and give the name of the file that you want to save.

61
00:05:52,510 --> 00:06:01,540
So let's say I want to save this into this file, which is the name srsecure_sub.txt.

62
00:06:03,580 --> 00:06:08,230
Now, let me just hit enter and it will save the output into this file.

63
00:06:08,650 --> 00:06:10,420
And you can see it has completed.

64
00:06:10,750 --> 00:06:11,620
Let's verify.

65
00:06:13,800 --> 00:06:19,220
And you can see this as the result, and now it was able to identify the subdomains in three seconds.

66
00:06:19,770 --> 00:06:26,970
What you can see in this output: we are able to see a lot more things, a lot of messages over

67
00:06:26,970 --> 00:06:27,330
here.

68
00:06:28,140 --> 00:06:36,880
And the target and searching in VirusTotal, Sublist3r, Facebook, Bufferover API.

69
00:06:37,440 --> 00:06:40,210
So we do not want this clutter over here.

70
00:06:40,230 --> 00:06:49,470
So what we are going to do is we are going to run the command, which is hyphen, hyphen, quiet and

71
00:06:49,650 --> 00:06:50,070
enter.

72
00:06:51,210 --> 00:06:59,200
What this will do is it will quiet the Findomain output and it will not print any banner.

73
00:06:59,220 --> 00:07:06,090
So let me show you the output now and you can see a clear output with only the subdomains.

74
00:07:06,370 --> 00:07:10,620
There is no extra clutter or noise in this output.

75
00:07:10,950 --> 00:07:13,820
And now you can utilize this output as well.

76
00:07:13,830 --> 00:07:22,110
You can save it and you will be able to make a clear distinction and clearly identify what are

77
00:07:22,110 --> 00:07:22,830
the subdomains.

78
00:07:22,830 --> 00:07:29,370
And you can also feed the subdomains to any other tools if you want to move ahead with this target.

79
00:07:30,330 --> 00:07:31,710
So this is it for this video.

80
00:07:31,710 --> 00:07:38,070
And I hope you guys understood how you can quickly identify subdomains for any specific target.

81
00:07:38,100 --> 00:07:38,580
Thank you.