Probing#

After doing Subdomain Enumeration and Assets Enumeration, you might want to probe the website, or find “informational” findings like subdomain takeover

Subzy#

Not a ProjectDiscovery tool. This tool find subdomains that we can takeover

subzy run --targets domains.txt

Httpx#

This tool do a simple GET to the target domain(s) and return a status code like 200, 302, 404, etc It can also spit more info like title, content length, etc. We can find which domains are live with status code 200. Sometimes, a 404 doesn’t mean that it’s not live, do directory brute force.

cat all_domains.txt | httpx -sc > status.txt
cat status.txt | grep '200'
cat all_domains.txt | httpx -sc -cl -location > httpx.txt

Eyewitness#

Not a ProjectDiscovery tool This tool do a GET on the website, take a screenshot, then spits out a report Helps us find interesting targets to begin hacking

eyewitness -f interesting_domains.txt -d eyewitness
Backward Assets Enumeration DOM-Based Attacks Forward