I'm Thanael. It's high time I joined this wiki.

Here's a tip:

Steps for enumerating (sub)domains:

  • Visit Rapid7's Sonar project
  • Download the large dataset ending with "fdns_any.json.gz"
    • This can be done in a Linux/Mac terminal with wget -c LINK_TO_FILE
  • Use zgrep in terminal to find subdomains related to the domain you're interested in
    • If you're looking for, for example, use this command on the file:
    • zgrep DOMAIN R7Date_fdns_any.json.gz > blogspot.txt (DOMAIN being the domain you're looking for)
  • Wait quite a while until zgrep finishes, and then let's get to archiving all the subdomains!
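
An added example, not part of the original tip: a plain zgrep matches the domain anywhere in a line, including the value field and look-alike names, so this Python script keeps only records whose name is the domain itself or a subdomain of it. It assumes the dataset is one JSON object per line with a "name" field; the function names, the sample records and example.com are constructed for illustration.

```python
import gzip
import json


def subdomains(lines, domain):
    """Return sorted unique hostnames that equal `domain` or end in ".domain"."""
    domain = domain.lower().strip(".")
    suffix = "." + domain
    found = set()
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line, e.g. from an interrupted download
        if not isinstance(record, dict):
            continue
        name = record.get("name")  # assumed field name for the queried hostname
        if not isinstance(name, str):
            continue
        name = name.lower().rstrip(".")
        # Label-boundary match: "notexample.com" must not count as "example.com".
        if name == domain or name.endswith(suffix):
            found.add(name)
    return sorted(found)


def subdomains_from_gz(path, domain):
    """Stream a gzip-compressed dataset (or zgrep output re-compressed) from disk."""
    with gzip.open(path, "rt", encoding="utf-8", errors="replace") as fh:
        return subdomains(fh, domain)


# Constructed sample records, including the false positives a substring match keeps.
SAMPLE = """\
{"timestamp":"1500000000","name":"alpha.example.com","type":"a","value":"192.0.2.10"}
{"timestamp":"1500000000","name":"Alpha.Example.com.","type":"aaaa","value":"2001:db8::10"}
{"timestamp":"1500000000","name":"gamma.example.com","type":"a","value":"192.0.2.13"}
{"timestamp":"1500000000","name":"notexample.com","type":"a","value":"192.0.2.11"}
{"timestamp":"1500000000","name":"mail.other.test","type":"cname","value":"beta.example.com"}
{"timestamp":"1500000000","name":"example.com.other.test","type":"a","value":"192.0.2.12"}
{"timestamp":"1500000000","name":"beta.example.com","type":"a"
"""

if __name__ == "__main__":
    for host in subdomains(SAMPLE.splitlines(), "example.com"):
        print(host)
```

To run it over the real file, call subdomains_from_gz with the path of the downloaded .json.gz and the domain.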