Member-only story
Mastering Subdomain Enumeration
Introduction
Subdomain enumeration is a crucial phase in reconnaissance during bug bounty hunting and penetration testing. One powerful tool for this task is ShuffleDNS an open source tool developed by ProjectDiscovery. It is designed to resolve subdomains efficiently by combining mass DNS resolution with wordlists. This article will explore how to use ShuffleDNS effectively and the next steps to identify vulnerabilities after obtaining subdomains.
What is ShuffleDNS
ShuffleDNS is a fast subdomain resolver that integrates well with tools like massdns allowing you to resolve large numbers of subdomains quickly. It supports wildcard filtering custom resolver lists and stdin input making it a versatile tool for bug bounty hunters.
Installing ShuffleDNS
You can install it via go install
go install -v github.com/projectdiscovery/shuffledns/cmd/shuffledns@latestUsing ShuffleDNS for Subdomain Enumeration
- Once installed you can start resolving subdomains using a list of subdomains and a list of resolvers.
Basic Usage
shuffledns -d example.com -list subdomains.txt -r resolvers.txt -mode resolve -o resolved_subdomains.txt
