1
00:00:01,410 --> 00:00:04,860
Hello, everyone, and welcome to this video.

2
00:00:05,760 --> 00:00:11,670
So in this video, we are going to see how we can install subfinder.

3
00:00:12,390 --> 00:00:20,310
So subfinder is one of the most interesting tools that has been released by the ProjectDiscovery team, which

4
00:00:20,310 --> 00:00:26,550
is used for identification of subdomains for bug bounty programs.

5
00:00:27,690 --> 00:00:30,630
Now, the installation is very, very simple.

6
00:00:31,110 --> 00:00:38,730
And the best thing about this tool is that it is written in Golang, because of which it has much faster

7
00:00:38,730 --> 00:00:47,310
speed as well as concurrency, which means you can run multiple threads of this particular tool to identify

8
00:00:47,310 --> 00:00:50,070
subdomains for multiple targets at once.

9
00:00:51,240 --> 00:00:51,770
All right.

10
00:00:51,780 --> 00:00:59,430
So how to do the installation of this, and how can we run this to identify subdomains very, very quickly?

11
00:01:00,490 --> 00:01:03,910
So you need to come to this particular GitHub repository.

12
00:01:04,320 --> 00:01:07,890
I'm going to give the link for this repository in the description.

13
00:01:08,920 --> 00:01:12,230
Now, there are multiple ways that you can install it.

14
00:01:12,840 --> 00:01:19,620
You can always compile it from the source code by copying this GitHub repository link and running this

15
00:01:19,770 --> 00:01:20,520
manually.

16
00:01:21,330 --> 00:01:28,710
Also, if you go into the releases tab, you will be able to identify the versions that are released

17
00:01:28,920 --> 00:01:30,810
for each distribution.

18
00:01:31,380 --> 00:01:37,890
For example, if you see over here, these are all the Linux versions that have been released for your

19
00:01:37,890 --> 00:01:44,700
current distribution. You can download any one that works perfectly fine for you. Here is the macOS

20
00:01:44,700 --> 00:01:46,590
version, as well as the Windows version.

21
00:01:47,820 --> 00:01:53,920
So for me, I have downloaded the macOS amd64 version, as you can see over here.

22
00:01:55,200 --> 00:01:57,160
So this is my version.

23
00:01:57,180 --> 00:02:05,880
So let me just file this to show you that this is a macOS executable file, which can be seen over

24
00:02:05,880 --> 00:02:06,240
here.

25
00:02:07,020 --> 00:02:07,550
All right.

26
00:02:07,920 --> 00:02:15,420
So now we are going to run this tool and let's see what kind of output we get.

27
00:02:16,200 --> 00:02:21,360
So before starting the tool, let's quickly see the documentation and the help guide.

28
00:02:22,260 --> 00:02:30,390
So the first thing that needs to be noticed over here is, if you want to give any domain to identify its

29
00:02:30,390 --> 00:02:34,080
subdomains, you need to give the -d flag.

30
00:02:34,500 --> 00:02:38,740
So hyphen d stands for the domain to find subdomains for.

31
00:02:38,970 --> 00:02:39,930
So let's see this.

32
00:02:41,010 --> 00:02:48,660
For instance, let's say we are going to identify the subdomains for a program which is bugcrowd.com

33
00:02:49,590 --> 00:02:50,710
and hit enter.

34
00:02:51,390 --> 00:02:58,950
Let's see how much time it takes to identify the subdomains for bugcrowd and how many subdomains

35
00:02:58,950 --> 00:03:00,600
it identifies in total.

36
00:03:01,410 --> 00:03:09,510
And you can see the scan is completed successfully and it has identified 31 subdomains for bugcrowd

37
00:03:09,510 --> 00:03:10,800
in eight seconds.

38
00:03:11,340 --> 00:03:19,890
This is pretty fast and we are getting a good result and output. Now, in case you want to save

39
00:03:19,890 --> 00:03:21,030
this into a file,

40
00:03:21,300 --> 00:03:22,520
we can also do that.

41
00:03:22,980 --> 00:03:31,050
There is a flag which is given over here, which is hyphen o, to save the output or to write the output

42
00:03:31,050 --> 00:03:33,190
into a file, as can be seen over here.

43
00:03:34,020 --> 00:03:43,570
So hyphen o and the file name. Let's say we give the file name as bugcrowdsubs.txt and hit enter.

44
00:03:44,320 --> 00:03:52,590
Now the output will be automatically saved into the file, which you can use later on for identification

45
00:03:52,860 --> 00:03:56,750
or give it to any tool for further inspection or scanning.

46
00:03:57,990 --> 00:04:01,320
So let us see if the file has been successfully created or not.

47
00:04:01,800 --> 00:04:04,830
And you can see it has been successfully created over here.

48
00:04:05,250 --> 00:04:05,730
All right.

49
00:04:06,570 --> 00:04:15,540
Now, let's say you want to identify multiple subdomains for multiple targets, not only one. In

50
00:04:15,540 --> 00:04:26,400
that case, you can use the hyphen dL flag, which will enumerate the subdomains for all your targets.

51
00:04:27,000 --> 00:04:27,860
So let's see this.

52
00:04:28,260 --> 00:04:38,490
So let's quickly make a file and let's call it bounty target dot txt. Let's say our first target

53
00:04:38,490 --> 00:04:40,800
be hackerone and second target

54
00:04:40,800 --> 00:04:43,350
be bugcrowd.com.

55
00:04:43,860 --> 00:04:45,030
Let's save this quickly.

56
00:04:45,460 --> 00:04:53,320
And now once we have saved this target, we are going to identify the subdomains for both the targets.

57
00:04:53,820 --> 00:04:59,220
So for that, we are going to write subfinder hyphen small d capital L,

58
00:04:59,880 --> 00:05:05,280
as you can see over here, and bounty target

59
00:05:09,120 --> 00:05:16,220
and hit enter. When I hit enter, you can see it started enumerating subdomains for hackerone.

60
00:05:16,590 --> 00:05:24,150
So it is done enumerating the subdomains for hackerone and it will start enumerating the subdomains for

61
00:05:24,450 --> 00:05:25,740
bugcrowd as well.

62
00:05:26,670 --> 00:05:33,810
Now you can see over here, as we made a spelling error, it is not able to identify any subdomain for hackerone

63
00:05:34,020 --> 00:05:36,960
because we did not add .com at the end.

64
00:05:37,680 --> 00:05:41,880
So let's fix this quickly and write .com over here.

65
00:05:42,270 --> 00:05:48,150
And again, run this and let's see if we are able to identify more subdomains this time.

66
00:05:48,360 --> 00:05:55,200
And you can see we are perfectly getting all the subdomains for the target, as it has successfully identified

67
00:05:55,380 --> 00:05:56,940
16 subdomains.

68
00:05:56,940 --> 00:06:01,070
And previously, as we made a spelling error, it was not able to identify it.

69
00:06:01,740 --> 00:06:07,920
So you should also make note of this, that you also do not make similar kinds of mistakes when you are

70
00:06:07,920 --> 00:06:14,550
doing your bug bounty hunting or subdomain enumeration, because you may get a false positive result which

71
00:06:14,550 --> 00:06:16,530
will affect your hunting process.

72
00:06:17,260 --> 00:06:24,120
So I hope you guys understood how you can use subfinder to identify subdomains quickly, which you can

73
00:06:24,120 --> 00:06:26,280
use later on for your hunting part.

74
00:06:26,580 --> 00:06:27,120
Thank you.