Custom Subdomain Wordlists

For best results you should use custom tools.

Subdomain Wordlist Creation

Creating your own wordlists is superior to using a tool's built-in wordlists. This is because every target is different, so your work should be tailored to the target. Generic wordlists do have their place, but they attempt to enumerate thousands of unrelated subdomains, which wastes time and causes pointless resource usage for the target servers.

Alterx can be configured with a pattern. When run against one or more target domains, it generates a custom wordlist based on that pattern and on the words present in the already known domains (using -enrich).

The example below shows the generated permutations for our own blog:

The generated list can then be passed to a tool like httprobe to verify whether the domain permutations are valid, potentially gaining you hundreds more targets for bug hunting.

cat <subdomainlist> | httprobe
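
To make the pattern-plus-enrich idea concrete, here is an added Python sketch. It is not code from this page or from alterx itself. The pattern syntax, function names and sample hosts are assumptions constructed for illustration.

```python
import itertools
import re

# Constructed sample input: hosts already known for a domain you are assessing.
KNOWN = ["api.example.com", "dev-api.example.com", "blog.example.com"]
# Hypothetical pattern syntax for this sketch (not alterx's own template format).
PATTERNS = ["{word}-{sub}.{root}", "{sub}-{word}.{root}", "{word}.{sub}.{root}"]
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

def split_host(host, root):
    """Return the subdomain part of host under root, or None if out of scope."""
    host = host.lower().rstrip(".")
    if not host.endswith("." + root):
        return None
    return host[: -len(root) - 1]

def enrich(known, root):
    """Harvest words from known subdomains by splitting labels on '.' and '-'."""
    words = set()
    for host in known:
        sub = split_host(host, root)
        if sub:
            words.update(w for w in re.split(r"[.-]", sub) if w)
    return words

def is_valid(name):
    """Reject names that could never resolve: bad labels or over 253 characters."""
    return len(name) <= 253 and all(LABEL.match(l) for l in name.split("."))

def generate(known, root, base_words=(), patterns=PATTERNS, limit=10000):
    """Expand each pattern over known subdomains and the enriched word set."""
    words = sorted(set(base_words) | enrich(known, root))
    subs = sorted({s for s in (split_host(h, root) for h in known) if s})
    seen = {h.lower() for h in known}  # never re-emit hosts we already have
    out = []
    for pattern, sub, word in itertools.product(patterns, subs, words):
        if word in re.split(r"[.-]", sub):
            continue  # skip redundant names such as api-api
        name = pattern.format(word=word, sub=sub, root=root)
        if name not in seen and is_valid(name):
            seen.add(name)
            out.append(name)
            if len(out) >= limit:
                break
    return out

if __name__ == "__main__":
    for name in generate(KNOWN, "example.com", base_words=["staging"]):
        print(name)
```

The `limit` argument caps the output so that a large word set cannot turn into the kind of oversized, untargeted list the section above argues against.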
