Life news: I got a dog


Checking for existence of subdomains with nmap

Whether you’re searching for story ideas, doing competitive research, or just exercising some web curiosity, having a list of all the subdomains off a given host can be helpful.

I stumbled on this tutorial and thought it was a helpful intro, in large part due to the inclusion of lists containing the top 1,000,000 subdomains. If you’re on a Mac, you can get going with nmap by installing with brew install nmap. Then grab one of the subdomain lists – say, the top 1,000 subdomains – and put it on your desktop.

So with the subdomain list and nmap installed, we can open our terminal app, change directory to the desktop, and then setup a one-liner like this:
nmap --script dns-brute --script-args,dns-brute.threads=6,dns-brute.hostlist=./sub1000.lst

And voila, a couple minutes later you’ll have a list of the configured subdomains, as well as their IP addresses.

Your ad blocker is on.

Read ad free.

Sign up for our e-mail newsletter:
Support quality journalism:
Purchase a Subscription!


Real publishers, real problems, real opportunities

Here is a copy of my presentation and prepared remarks from WordCamp for Publishers 2019 in Columbus.

Chris Gethard & Mal Blum – Crying At The Wawa (Official Video)

Old but new to me.

Send this to a friend