Brute forcing subdomain enumeration

Wed, 10 Dec 2025 00:00:00 +0000

`dnsenum`

Performs various dns-level and osint searches to find sub domains.

dnsenum \
 --enum target.tld \
 -f /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt

You can do virtual host subdomain brute forcing with gobuster. You can specify the target as a hostname or ip.

gobuster vhost \
 -u http[s]://targetip[:port] \
 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt \
 --append-domain

Wed, 10 Dec 2025 00:00:00 +0000

The seclists from https://github.com/danielmiessler/SecLists ↗️ can be installed on Kali using apt

apt install seclists

They’re installed into /usr/share/seclists/