Blind XSS endpoint + SSRF Google + Nmap subdomains

Swissky
2018-11-25 15:44:17 +01:00
parent b34cff5a74
commit 928a454531
3 changed files with 30 additions and 0 deletions


@@ -12,6 +12,7 @@
* Aquatone (Ruby and Go versions)
* AltDNS
* MassDNS
* Nmap
* Subdomain take over
* tko-subs
* HostileSubBruteForcer
@@ -144,6 +145,12 @@ DNS_RESOLVERS="./resolvers.txt"
cat /tmp/results_subfinder.txt | massdns -r $DNS_RESOLVERS -t A -o S -w /tmp/results_subfinder_resolved.txt
```
### Using Nmap
```powershell
nmap -sn --script hostmap-crtsh host_to_scan.tld
```
## Subdomain take over
Check [Can I take over xyz](https://github.com/EdOverflow/can-i-take-over-xyz) by EdOverflow for a list of services and how to claim (sub)domains with dangling DNS records.
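
Review bot: the new "Using Nmap" section has no sentence explaining the command, and its fence is tagged `powershell` although the line is an ordinary nmap invocation that is not PowerShell-specific. I would add one line under the heading saying that the `hostmap-crtsh` script lists subdomains recorded in the crt.sh Certificate Transparency logs and that `-sn` skips the port scan, so readers know the results are names taken from certificates (possibly stale) that still need resolving, for example with the massdns step just above. Retagging the fence as `bash` (or matching whatever tag the file's other command blocks use) and leaving a blank line between the closing fence and the "## Subdomain take over" heading would also keep the Markdown rendering predictable.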