1
00:00:00,120 --> 00:00:04,200
OK, so we have our results back. In part one we went pretty quick.
2
00:00:04,200 --> 00:00:10,500
Part two, I want to talk about the results, what might be interesting here, and then identify some other
3
00:00:10,500 --> 00:00:15,420
tools that you can download and use and go play with on your own.
4
00:00:15,450 --> 00:00:21,240
So this has identified quite a few things.
5
00:00:21,250 --> 00:00:22,360
I mean there's a big list here.
6
00:00:22,360 --> 00:00:27,960
Eighty-seven subdomains, and I lied to you and I said that it didn't get fourth levels.
7
00:00:28,060 --> 00:00:33,910
I thought there used to be a recursive feature where you'd have to do a dash R to get those.
8
00:00:33,910 --> 00:00:35,170
Now you don't have to do that.
9
00:00:35,170 --> 00:00:37,540
It just picks up fourth levels for you.
10
00:00:37,810 --> 00:00:43,230
Now Sublist3r is great at finding some of these things, like we come through here.
11
00:00:43,230 --> 00:00:51,520
There is a dev dot Tesla dot com, and I saw down towards the end that there was some staging, staging two
12
00:00:52,000 --> 00:00:54,440
here, a dev here, a test.
13
00:00:54,520 --> 00:01:03,040
These all look juicy. SS dash Dev looks juicy. I might be after something like QA as well, or something
14
00:01:03,040 --> 00:01:05,550
like a VPN dot Tesla dot com.
15
00:01:05,560 --> 00:01:07,200
I want to know where your mail is at.
16
00:01:07,230 --> 00:01:11,050
So here's webmail, ex mail, anything here.
17
00:01:11,110 --> 00:01:15,900
You can also look through these lists and possibly identify what kind of tools they're using. You might
18
00:01:15,900 --> 00:01:22,900
see something like a link dot Tesla dot com or zoom dot Tesla dot com, and this really just kind of drives
19
00:01:22,900 --> 00:01:31,140
home what they're running on their back end for a lot of things. Now this isn't the all-inclusive one.
20
00:01:31,140 --> 00:01:38,550
Sublist3r is a great tool. Sublist3r was ahead of its time when it came out, but there are better tools
21
00:01:38,550 --> 00:01:45,250
out there. There are tools that incorporate pretty much everything in one go.
22
00:01:45,300 --> 00:01:51,030
So you might have certain essays like this; you might have Sublist3r included in the one tool that is
23
00:01:51,030 --> 00:02:00,360
really popular. If you go to Google and type in OWASP Amass, this is the go-to tool for a lot of people
24
00:02:00,360 --> 00:02:01,900
doing bug bounty hunting.
25
00:02:01,950 --> 00:02:09,550
So if we click on the Amass project here in GitHub, you can download the project and install it
26
00:02:09,550 --> 00:02:12,640
per the installation instructions here.
27
00:02:12,640 --> 00:02:15,390
So you have an installation guide in the documentation.
28
00:02:15,400 --> 00:02:22,630
The reason I have chosen not to show it in this series is because actually running Amass takes a long
29
00:02:22,630 --> 00:02:27,970
time, but you can configure Amass to do a lot of things and find a lot more subdomains.
30
00:02:27,970 --> 00:02:35,490
So my challenge to you is to get Amass installed and, on top of that, see how many more subdomains than
31
00:02:35,560 --> 00:02:39,420
eighty-seven you can find when you actually run it.
32
00:02:39,430 --> 00:02:46,090
So another last thing to point out is, if you want to use Sublist3r and you've used it, it was really
33
00:02:46,090 --> 00:02:47,650
really slow.
34
00:02:47,680 --> 00:02:55,780
It's always helpful to check the dash H on the help, and you can see in here that there is a dash T for
35
00:02:55,780 --> 00:03:03,940
threads. Always check the help. So we can specify a domain like we did before, do something like dash D
36
00:03:03,940 --> 00:03:10,900
of Tesla dot com, and then you can specify threads of like 100 as opposed to maybe the one thread or 10 threads
37
00:03:10,900 --> 00:03:12,590
I was running originally.
38
00:03:12,640 --> 00:03:17,140
We give it 100 threads, it's going to go a lot faster, and we're gonna get a lot more results.
39
00:03:17,140 --> 00:03:23,260
You could also do a dash V for verbosity here and get your results in real time if you're impatient
40
00:03:23,290 --> 00:03:25,150
or you're trying to go out to the Web.
41
00:03:25,690 --> 00:03:32,920
So there are great tools out there for doing subdomain hunting, and again subdomain hunting is very, very
42
00:03:32,920 --> 00:03:40,800
critical, because if we just limited ourselves to Tesla dot com, look at all the things that we would miss.
43
00:03:40,960 --> 00:03:42,850
So we can find out a lot here.
44
00:03:42,860 --> 00:03:46,010
Now not all of these pages are going to be alive.
45
00:03:46,030 --> 00:03:52,420
Also there's a good possibility that we can go to something like this MFA dot Dev or dash Dev dot Tesla
46
00:03:52,420 --> 00:03:54,040
dot com and it won't work.
47
00:03:54,100 --> 00:03:55,370
We can give it a go and see.
48
00:03:55,370 --> 00:03:59,770
Like, not always do these work; these aren't what show up in search engines.
49
00:03:59,890 --> 00:04:01,770
But it's worth knowing about them.
50
00:04:01,780 --> 00:04:12,130
And there are other tools out there, such as, like, go to Google, such as tomnomnom httprobe like this.
51
00:04:12,130 --> 00:04:18,390
Tools like that out there will probe the list that you give it; you give this list to the probe.
52
00:04:18,400 --> 00:04:22,220
It'll say hey, this website's alive or this website's not alive.
53
00:04:22,240 --> 00:04:25,150
And then you can start narrowing down these lists as well.
54
00:04:25,150 --> 00:04:29,000
So that is something to think about when you get your wheels spinning.
55
00:04:29,050 --> 00:04:35,740
But for now, for information gathering and for the scope of this course, we don't have to worry about too
56
00:04:35,740 --> 00:04:36,180
much.
57
00:04:36,180 --> 00:04:42,490
I do want to point out some other alternatives and ways to do subdomain hunting and then what to
58
00:04:42,490 --> 00:04:44,640
look for in subdomain hunting.
59
00:04:44,650 --> 00:04:46,140
So that is it for this video.
60
00:04:46,390 --> 00:04:47,910
I'm going to catch you over in the next one.