Introduction
Now that we have a list of subdomains which we know are alive, we are going to want to investigate them more closely. We have several things we can do to these domains but we want to start by getting a good overview of what each domain might have to offer and then we move on to a more manual approach which will resemble a penester like approach (Numbered sections) In the other learning path (Lettered sections) we will be learning a more automated approach to vulnerability scanning. Both have to be done to be complete and one can not go withouth the other. We will miss a lot with automation but we can cover so much more ground than when we manually walk the application.
What is it?
When we execute subdomain flyover, we are trying to get an overview of what targets we have. We need to see what this list actually contains and i mean the world ‘See’ literally, we are going to take screenshots.
In subdomain flyover we are trying to take a screenshot of all of the alive domain we gathered in our previous steps 1 & 2. We have several tools we can use to do this, i personally use aquatone but i notice i am getting old and may not be as up to date as i was so i encourage you to do your own research a bit as well into which tools runs faster. They all…
