Grizzly Cyber Wiki
  • 👋Grizzly Cyber Security
  • ❓What is Cyber Wiki?
  • Web Testing
    • 🔑Session Token and APIs
      • Testing API Keys
      • Testing JSON WEB TOKENS
    • 🔍Discovery & Scanning
      • Custom Subdomain Wordlists
      • Subdomain Enumeration
      • Dir & Page Enumeration
      • Nuclei
    • 💉Injection Testing
      • CSV Injection
  • Wireless Testing
    • ðŸ“ķWPA2 Cracking
  • Miscellaneous
    • ðŸ’ŧHow to Proxy Linux Traffic
    • ðŸĪŠUseful Unique Resources
    • 📃Cheat Sheets
      • IDOR Cheat Sheet
      • NMAP Cheat Sheet
Powered by GitBook
On this page
  1. Web Testing
  2. Discovery & Scanning

Custom Subdomain Wordlists

For best results you should use custom tools.

PreviousDiscovery & ScanningNextSubdomain Enumeration

Last updated 2 years ago

Subdomain Wordlist Creation

Creating your own wordlists are superior to using in-built tool wordlists. This is because every target is different and thus, your work should be tailored to the target. That said, generic wordlists do have their place but they attempt to enumerate thousands of unrelated subdomains which wastes time and causes pointless resource usage for the target servers.

can be configured with a pattern and when run against one or more target domains, it will generate a custom wordlist based on the pattern and also based on the words present within the already known domains (using -enrich).

The example below shows the generated permutations for our own blog:

Alterx Example

cat <subdomainlist> | httprobe

This can then be used with a tool like to verify if the domain permutations are valid gaining you potentially hundreds more targets for bug hunting.

🔍
httprobe
Alterx
Using httprobe