Find Subdomains Using Subfinder and assetfinder
subfinder -d example.com -all -recursive -o sub1.txt
This tool will save subdomains as sub1.txt file
assetfinder -subs-only example.mm > sub2.txt
This tool will save as sub2.txt
combine two subdomain files to one using sort comment
sort -u sub1.txt sub2.txt > suball.txt
And then we gona check which subdomain are alive using https tool or httpx-toolkit
cat suball.txt | httpx -sc > alivesub.txt
you can try all 200,300,301 and 301 code subdomains for attack
After we got alive subdomains we should check subdomain takeover using subzy tool
subzy run --targets suball.txt
if you found Vulnerable ..you can check youtube how to takeover Subdomains .
Check All url with paramspider
paramspider -l alivesub.txt
This tool will save all url files in results folder
cd results
we will add all urls in ome file using cat
cat site.txt site2.txt site3.txt > allurls.txt
Remove FUZZ and save as final.txt
cat allurls.txt | sed 's/FUZZ//g' > final.txt
Install XlsNinja: Multi-Vulnerability Scanner tool -see here https://www.aungsanoo.com/2024/09/xlsninja-multi-vulnerability-scanner.html
so we need to move final.txt file to lostools folder
mv final.txt /home/kali/lostools
And go to lostool to run
cd ../..
cd lostools
python lostsec.py
find xss sqli lfi vulnerability one by one ......Good Hunting
By Aung Lat