“Learn hacking with mobile by enumerating subdomains of any target”

INTRODUCTION

Hi everyone! In the last article, we have seen how to install Kali Linux on android device. In this article, we are going to learn how to perform subdomain enumeration with our mobile device.

WHAT IS A DOMAIN AND SUBDOMAIN?

hacking with mobile 1
Source: AmberdDesign

As we can see from the example above, domain refers to a location of the website while subdomain is the part of the domain. This of domain as your home and subdomain as the rooms in your home. There are different rooms in your home like store room, guest room, kitchen etc which have their own structure and usage. Similar to this, the domain and subdomain works on the internet. For example, google.com is the domain and drive.google.com, cloud.google.com etc are the subdomains which have their own functionality.

WHY SUBDOMAIN ENUMERATION?

Most of the time, The developers main focus in mainly on the domains. This is because the domain is one of the most important place for their users. As the result, many security implementation as well as features are designed for the domain rather than the subdomain. Therefore, the chances of finding vulnerability is very high on the subdomain rather than on the domain.

The other reason is that there are often more subdomains compared to the domain. For example, If we enumerate subdomains of Google then we will get more than 1000 results! See, the attack surface is drastically increased from a web application to thousands of web application. Therefore, we should always try to enumerate as many subdomains as possible.

HACKING WITH MOBILE: ENUMERATING SUBDOMAIN

In this article, we are going to use a tool called Subfinder to enumerate subdomains. Let’s get started

1. Fire up your Kali Linux machine by typing nh -r in termux

2. Type apt install subfinder -y to install Subfinder

hacking with mobile 2

3. After installation, we can use subfinder like described below:

subfinder -d your_domain -o filename.txt

For example, Let us try to enumerate subdomains of google.com by typing the command below

subfinder -d google.com -o test.txt

4. After subfinder completes its scanning, you can view the output by typing the command below

cat filename.txt
hacking with mobile 4

5. You will see output similar to the screenshot below

hacking with mobile 5

C O N C L U S I O N

I hope you have understood how we can perform subdomain enumeration by android smartphone. If you have any doubts or issues then please let me know in the comment section.

Join our telegram channel here and stay updated with our latest contents.

Subscribe to our YouTube channel for latest cybersecurity videos.

Are you a bug bounty hunter? Check out our Account Takeover Lab and practice your skills ethically:

Lab 1 Lab 2 Lab 3 Lab 4 Lab 5