All language subtitles for 7. Hunting Subdomains - Part 2

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:

1
00:00:00,120 --> 00:00:04,200
OK so we have our results back in part one we went pretty quick.

2
00:00:04,200 --> 00:00:10,500
Part Two I want to talk about the results what might be interesting here and then identify some other

3
00:00:10,500 --> 00:00:15,420
tools that you can download and use and go play with on your own.

4
00:00:15,450 --> 00:00:21,240
So this has identified quite a few things.

5
00:00:21,250 --> 00:00:22,360
I mean there's a big list here.

6
00:00:22,360 --> 00:00:27,960
Eighty seven subdomains and I lied to you and I said that it didn't get fourth levels.

7
00:00:28,060 --> 00:00:33,910
I thought there used to be a recursive feature where you'd have to do a dash r to get those.

8
00:00:33,910 --> 00:00:35,170
Now you don't have to do that.

9
00:00:35,170 --> 00:00:37,540
It just picks up pork bellies for you.

10
00:00:37,810 --> 00:00:43,230
Now Sublist3r is great at finding some of these things like we come through here.

11
00:00:43,230 --> 00:00:51,520
There is a dabbed Tesla dot com and I saw down towards the end that there was some staging staging to

12
00:00:52,000 --> 00:00:54,440
here a dev here a test.

13
00:00:54,520 --> 00:01:03,040
These all look juicy SS dash Dev looks juicy I might be after something like Q A as well or something

14
00:01:03,040 --> 00:01:05,550
like a VPN dot Tesla dot com.

15
00:01:05,560 --> 00:01:07,200
I want to know where your mail is at.

16
00:01:07,230 --> 00:01:11,050
So here's web mail ex mail anything here.

17
00:01:11,110 --> 00:01:15,900
You can also look through these lists and possibly identify what kind of tools they're using you might

18
00:01:15,900 --> 00:01:22,900
see something like a link dot Tesla dot com or zoom dot Tesla dot com and this really just kind of drives

19
00:01:22,900 --> 00:01:31,140
home what they're running on their back end for a lot of things now this isn't the all inclusive

20
00:01:31,140 --> 00:01:38,550
Sublist3r is a great tool Sublist3r was ahead of its time when it came out but there are better tools

21
00:01:38,550 --> 00:01:45,250
out there there are tools that incorporate pretty much everything in one go.

22
00:01:45,300 --> 00:01:51,030
So you might have certain essays like this you might have Sublist3r included in the one tool that is

23
00:01:51,030 --> 00:02:00,360
really popular if you go to Google type in OWASP Amass and this is the go to tool for a lot of people

24
00:02:00,360 --> 00:02:01,900
doing bug bounty hunting.

25
00:02:01,950 --> 00:02:09,550
So if we click on the Amass project here in GitHub you can download the project and install it.

26
00:02:09,550 --> 00:02:12,640
Per the installation instructions here.

27
00:02:12,640 --> 00:02:15,390
So you have an installation guide down the documentation.

28
00:02:15,400 --> 00:02:22,630
The reason I have chosen not to show it in this series is because actually running Amass takes a long

29
00:02:22,630 --> 00:02:27,970
time but you can configure Amass to do a lot of things and find a lot more subdomains.

30
00:02:27,970 --> 00:02:35,490
So my challenge to you is to get Amass installed and on top of that see how many more subdomains than

31
00:02:35,560 --> 00:02:39,420
eighty seven can you find when you actually run it.

32
00:02:39,430 --> 00:02:46,090
So another last thing to point out is if you want to use Sublist3r and you were used it was really

33
00:02:46,090 --> 00:02:47,650
really slow.

34
00:02:47,680 --> 00:02:55,780
It's always helpful to check the dash H on the help and you can see in here that there is a dash T for

35
00:02:55,780 --> 00:03:03,940
threads always check the help so we can specify a domain like we did before do something like dash D

36
00:03:03,940 --> 00:03:10,900
of Tesla dot com and then you can specify threads of like 100 as opposed to maybe one thread or 10 threads

37
00:03:10,900 --> 00:03:12,590
I was running originally.

38
00:03:12,640 --> 00:03:17,140
We give it 100 threads it's gonna go a lot faster we're gonna get a lot more results.

39
00:03:17,140 --> 00:03:23,260
You could also do a dash V for verbosity here and get your results in real time if you're impatient

40
00:03:23,290 --> 00:03:25,150
or you're trying to go out to the Web.

41
00:03:25,690 --> 00:03:32,920
So there are great tools out there for doing subdomain hunting and again subdomain hunting is very very

42
00:03:32,920 --> 00:03:40,800
critical because if we just limited ourself to Tesla dot com look at all the things that we would miss.

43
00:03:40,960 --> 00:03:42,850
So we can find out a lot here.

44
00:03:42,860 --> 00:03:46,010
Now not all of these pages are going to be alive.

45
00:03:46,030 --> 00:03:52,420
Also there's a good possibility that we can go to something like this MFA dot Dev or dash Dev dot Tesla

46
00:03:52,420 --> 00:03:54,040
dot com and it won't work.

47
00:03:54,100 --> 00:03:55,370
We can give it a go and see.

48
00:03:55,370 --> 00:03:59,770
Like now always do these work these are what's show up in search engines.

49
00:03:59,890 --> 00:04:01,770
But it's worth knowing about them.

50
00:04:01,780 --> 00:04:12,130
And there are other tools out there such as like go to Google such as Tom httprobe like this.

51
00:04:12,130 --> 00:04:18,390
Tools like that out there that will probe the list that you give it and give it this list into the probe.

52
00:04:18,400 --> 00:04:22,220
It'll say hey this Web site's alive or this Web site's not alive.

53
00:04:22,240 --> 00:04:25,150
And then you can start narrowing down these lists as well.

54
00:04:25,150 --> 00:04:29,000
So that is something to think about when you get your wheels spinning.

55
00:04:29,050 --> 00:04:35,740
But for now for information gathering in for the scope of this course we don't have to worry about too

56
00:04:35,740 --> 00:04:36,180
much.

57
00:04:36,180 --> 00:04:42,490
They do want to point out some other alternatives and ways to do subdomain hunting and then what to

58
00:04:42,490 --> 00:04:44,640
look for in subdomain hunting.

59
00:04:44,650 --> 00:04:46,140
So that is it for this video.

60
00:04:46,390 --> 00:04:47,910
I'm going to catch you over in the next one.
