Subdomain Found! Now What? Next Steps for Bug Hunters
1 min read
Summary
A subdomain is a secondary or lesser domain that is part of a larger domain.
Bug hunters look for subdomains to attack as part of their reconnaissance work.
There are both passive and active ways to find subdomains.
Passive ways involve gathering data from public sources without interacting with the target; this includes using Certificate Transparency Logs or the Subfinder tool.
Active ways involve directly querying the target domain to discover subdomains; this includes using the To probable-word-subdomains tool.
Once a subdomain is found, it is important to note it before moving on to assessing its vulnerability and attempting to exploit it.