Subdomain Enumeration

SSL/TLS Certificates

• http://crt.sh/

• https://ui.ctsearch.entrust.com/ui/ctsearchui

Search Engines

Google dorks.

-site:www.tryhackme.com  site:*.tryhackme.com

Osint

https://github.com/aboul3la/Sublist3r

Virtual Hosts

Brute force subdomains.

ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.acmeitsupport.thm" -u http://10.10.8.43 -fs {size}