Finding new apex domains in a unique way.

Must read the blog for bug bounty hunters and penetration testers

FREE LINK ACCESS

⚠️DISCLAIMER: INFORMATION IN THIS ARTICLE IS ONLY FOR EDUCATIONAL PURPOSES. ANY MISUSE OF THIS INFORMATION BY THE AUTHOR OF THIS ARTICLE IS NOT RESPONSIBLE.

In this article, you will learn a new advanced way to find apex domains that will increase your chance of finding bugs. this technique will be very helpful in your bug bounty and pen testing journey.

First, we need to find the nameservers of your target.

So let’s start.

click on the below link.

Whois Lookup

Enter your target name and click on enter.

My target domain has 6 name servers

So I copied one of the name server

I opened the below location. pasted that name server and clicked on enter.

Reverse NS products to reveal all connected hostnames | WhoisXML API

No records were found.