First, Google grammar
through specific site-wide inquiry subdomains: site: qq.com
Second, blasting online
Online enumeration blasting: http: //phpinfo.me/domain/
three search certificate
based SSL Certificate Search subdomains: https: / /crt.sh/
four, DNS search
based on the DNS records for the subdomain queries: https: //dns.bufferover.run/dns q =?
Use github download the appropriate subdomain discovery tools
git clone https://github.com/aboul3la/Sublist3r
a mounting module
sudo pip install -r requirements.txt
II enumerated objectives subdomain
python sublist3r.py -d aqlab.cn
Third, the enumeration sub-domains and sub-domains show open ports 80 and 443 of the
python sublist3r.py -d aqlab.cn -p 80,443
four enumerate target sub-domain and save the
Python shublist3r.py -d aqlab.cn -o aqlab. TXT
Find subdomain and sensitive information by user events target site
a historical loophole
clouds mirror: http://www.anquan.us/
Second, user manual, inform
college notice: https: //dwz.cn/OOWeYYy6