Information Gathering Techniques
As you can see, I have used the -threads parameter and set the value to 1000. This makes it run faster, though a very high thread count also floods the resolver you are querying and is noisy, so dropped or timed-out queries can show up as missed subdomains. Initially, fierce tries to perform a zone transfer against the domain's nameservers; if that fails, it starts brute-forcing hostnames from its wordlist.
You can also provide fierce a custom wordlist.

Example

    ./fierce.pl -dns xyz.com -wordlist
As you can see, the tool has managed to find both subdomains of my blog, rafayhackingarticles.net.
Ethical Hacking and Penetration Testing Guide
Knock.py

Knock.py is a tool with capabilities similar to fierce for discovering subdomains. It has a built-in internal list as well as the capability of scanning with your own custom wordlist. It can also perform zone transfers; for that purpose, you just need to issue an additional parameter (-zt).
Examples

Scanning with the internal list:

    python knock.py

Scanning with a custom wordlist:

    python knock.py

Zone transfer file discovery:

    python knock.py -zt
Knock.py has various options, which I will leave for you to explore. You can access its documentation at https://code.google.com/p/knock/wiki/documentation
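Both fierce and knock.py follow the same order: look up the domain's nameservers, attempt a zone transfer (AXFR) against each, and only fall back to brute-forcing names from a wordlist when every server refuses. The following Python is an added example that reproduces that logic; it is not the code of either tool. The DNS client is a small interface, and the FakeDNS class, the example.test records and the wordlist are constructed so the example runs offline. A live version would implement the same three methods on top of a DNS library (dnspython is assumed here, but not shown).

```python
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, List, Optional, Protocol


class DNSClient(Protocol):
    """Minimal interface the enumerator needs. A real implementation would
    wrap a DNS library (assumption: dnspython or similar)."""

    def nameservers(self, domain: str) -> List[str]: ...
    def axfr(self, domain: str, nameserver: str) -> Optional[Dict[str, str]]: ...
    def resolve_a(self, hostname: str) -> Optional[str]: ...


class FakeDNS:
    """Constructed, in-memory DNS so the example runs offline.
    Zone data and addresses are invented, not real records."""

    def __init__(self, zones: Dict[str, Dict[str, str]],
                 ns: Dict[str, List[str]], axfr_allowed: Dict[str, bool]):
        self._zones = zones                # domain -> {fqdn: address}
        self._ns = ns                      # domain -> [nameserver names]
        self._axfr_allowed = axfr_allowed  # nameserver -> does it answer AXFR?

    def nameservers(self, domain: str) -> List[str]:
        return self._ns.get(domain, [])

    def axfr(self, domain: str, nameserver: str) -> Optional[Dict[str, str]]:
        if self._axfr_allowed.get(nameserver):
            return dict(self._zones.get(domain, {}))
        return None                        # REFUSED, like a correctly configured server

    def resolve_a(self, hostname: str) -> Optional[str]:
        for zone in self._zones.values():
            if hostname in zone:
                return zone[hostname]
        return None                        # NXDOMAIN


def enumerate_subdomains(domain: str, wordlist: Iterable[str], dns: DNSClient,
                         threads: int = 20) -> Dict[str, str]:
    """Zone transfer first; if every nameserver refuses, brute-force the wordlist.

    Returns {fqdn: address}, in the same order fierce and knock work.
    """
    for ns in dns.nameservers(domain):
        zone = dns.axfr(domain, ns)
        if zone:
            # One successful AXFR lists every host; nothing left to guess.
            return {h: a for h, a in zone.items() if h.endswith("." + domain)}

    # Fallback: resolve <word>.<domain> concurrently. 'threads' plays the role
    # of fierce's -threads; keep it modest against a shared recursive resolver,
    # or timed-out queries will silently look like non-existent hosts.
    candidates = [f"{w.strip()}.{domain}" for w in wordlist if w.strip()]
    found: Dict[str, str] = {}
    with ThreadPoolExecutor(max_workers=threads) as pool:
        for host, addr in zip(candidates, pool.map(dns.resolve_a, candidates)):
            if addr:
                found[host] = addr
    return found


# Constructed sample data (invented names and addresses).
SAMPLE_ZONE = {
    "example.test": {
        "example.test": "192.0.2.1",
        "www.example.test": "192.0.2.10",
        "mail.example.test": "192.0.2.20",
        "dev.example.test": "192.0.2.30",
        "intranet-old.example.test": "192.0.2.40",   # not in any common wordlist
    }
}
SAMPLE_NS = {"example.test": ["ns1.example.test", "ns2.example.test"]}
SAMPLE_WORDLIST = ["www", "mail", "ftp", "dev", "vpn"]


def demo_open_axfr() -> Dict[str, str]:
    """ns1 leaks the zone: every host, wordlist or not, comes back at once."""
    dns = FakeDNS(SAMPLE_ZONE, SAMPLE_NS,
                  {"ns1.example.test": True, "ns2.example.test": False})
    return enumerate_subdomains("example.test", SAMPLE_WORDLIST, dns)


def demo_refused_axfr() -> Dict[str, str]:
    """Both nameservers refuse AXFR: only hosts named in the wordlist are found."""
    dns = FakeDNS(SAMPLE_ZONE, SAMPLE_NS,
                  {"ns1.example.test": False, "ns2.example.test": False})
    return enumerate_subdomains("example.test", SAMPLE_WORDLIST, dns)


if __name__ == "__main__":
    print("open AXFR   :", sorted(demo_open_axfr()))
    print("refused AXFR:", sorted(demo_refused_axfr()))
```

The two demos differ by one host: intranet-old.example.test is only recovered when a nameserver hands over the zone, because the brute-force path can only confirm names you already guessed. That is why a custom wordlist matters once the transfer is refused, which is the usual outcome against a properly configured domain.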
Wolfram Alpha

The following website also gives a decent number of subdomains. It returns the most important subdomains, the ones that receive the most traffic. If you want to save time, you can try Wolfram Alpha.