FAQs
The Deep scan uses multiple techniques to find subdomains fast and effectively:
- DNS records (NS, MX, TXT, AXFR)
- Enumeration using built-in wordlists, plus the option to use your own.
- External APIs search.
- Public search engine queries (Google search, Bing)
- Word mutation techniques.
- Searching in SSL certificates.
Is subdomain enumeration legal? ›
This type of subdomain enumeration is resource-intensive and may have legal and ethical implications since sending large requests to a target domain is required. Because of its intrusive nature, active subdomain enumeration may trigger security alerts.
How does subdomain finder work? ›
Subdomain Finder scans the DNS records and supplementary databases to analyze the domain's hierarchy. Our subdomain scanner checks: DNS records (NS, MX, TXT, AXFR)
What is subdomain hijacking? ›
It's a cyber threat executed when an attacker gains control of a legitimate subdomain that's no longer in use, then cleverly exploits the forgotten or misconfigured dangling DNS to host their own content on the previously used zone.
What is the best tool to find subdomains? ›
Here are ten highly effective options.
- Google Dorking. Google Dorking is a passive subdomain enumeration technique using Google's advanced search operators, like "site:" to find information about a target, including subdomains. ...
- Sublist3r. ...
- Amass. ...
- Recon-ng. ...
- SubDomainizer. ...
- Pentest Tools Subdomain Finder. ...
- crt.sh. ...
- Shodan.
Do subdomains count for SEO? ›
The choice between subdomains and subdirectories largely depends on reasons outside of SEO. Both can be SEO-friendly. Whether you decide to use subdomains or subdirectories, you need to optimize them for the best chance of ranking in search engines.
Do I own a subdomain if I own a domain? ›
1 Answer. Yes, you own and control the entire namespace below the domain you purchase, because DNS is hierarchical. Creating mail.example.com and blog.example.com is just a matter of adding entries to the DNS zone that you control. Since you asked about the name.
What are the risks of subdomains? ›
Websites that use multiple subdomains risk exposing themselves to cyberattacks. Subdomain takeovers can lead to data breaches and reputational damage. However, these risks can be minimized with the right strategies, and your organization can stay protected.
Why is subdomain not secure? ›
to secure a subdomain you need to either generate a new certificate for each subdomain or use a wildcard SSL certificate. A wildcard SSL certificate will automatically secure the main domain and all subdomains. A wildcard SSL certificate can be generated by using the Let's Encrypt DNS verification method.
Do subdomains show up on Google search? ›
The short answer is yes, Google can and will index and rank subdomains unless you explicitly take steps to ensure they're excluded from its index. Google's entire business model is based on discovering content. The same goes for all search engines.
Let's say you are making a pitch to a client to create their new website. You can create a subdomain that is specifically intended for them to give an idea of what their new website might look like. This is hosted on your own main domain, while retaining ownership of the subdomain.
What is a common example of a subdomain? ›
While a subdomain will appear before your TLD, a subdirectory link will include the subdirectory name after the original TLD. For example: Subdomain example: mysubdomain.mywebsite.com. Subdirectory example: mywebsite.com/mysubdirectory.
What can hackers do with subdomains? ›
The impact of subdomain hijacking can be severe, potentially leading to data breaches, financial losses, reputational damage, and the compromise of users' sensitive data.
Are subdomains bad? ›
Since subdomains are treated as separate entities by search engines, they may dilute the overall authority of your main site if not managed properly.
Is subdomain takeover illegal? ›
Subdomain takeover can have severe legal implications, as attackers may engage in illegal activities or host malicious content on compromised subdomains. It's crucial to report any such incidents to law enforcement authorities and take immediate steps to mitigate the risks to protect your reputation and users.
How to search subdomains in Google? ›
Google Dorking
Google Dorks are one of the best ways to find extenstive information about a target. Google's search operators make it easy to narrow down the search to find more subdomains. We can use the "site" operator in the search bar to find all the subdomains that Google has indexed for a domain.
How to list all DNS records in nslookup? ›
Using nslookup online is very simple. Enter a domain name in the search bar above and hit 'enter'. This will take you to an overview of DNS records for the domain name you specified.
How many subdomains is too many? ›
Each domain name can have up to 500 subdomains. You can also add multiple levels of subdomains, such as info.blog.yoursite.com. A subdomain can be up to 255 characters long, but if you have multiple levels in your subdomain, each level can only be 63 characters long.
How do I find dangling subdomains? ›
To identify DNS entries within your organization that might be dangling, use Microsoft's GitHub-hosted PowerShell tools "Get-DanglingDnsRecords". This tool helps Azure customers list all domains with a CNAME associated to an existing Azure resource that was created on their subscriptions or tenants.