External Recon

O365/Entra

Subdomains

Enumerating subdomains is vital for attack surface mapping. A huge amount of tools and methods exist for this, such as visiting crt.sh or using Gobuster. I recommend using a blend of tools/sources, such as:

Subfinder
GoBuster (DNS Mode)
Sublist3r

Use a port scanner (like RustScan) to scan targets and Gowitness to triage hosted web applications for investigation.

Previousjotter's den NextInternal Recon

Last updated 2 months ago