WEBVTT

00:00.670 --> 00:02.110
Hello, my name is Typhon.

00:02.110 --> 00:08.620
And in this lecture, we're going to learn how to gather domain information in Linux using the Sublist3r

00:08.620 --> 00:09.400
tool.

00:21.050 --> 00:24.880
We will utilize the Sublist3r tool to perform domain harvesting.

00:24.890 --> 00:31.430
This tool is not preinstalled in Kali Linux; however, it can be installed by running the sudo apt,

00:31.460 --> 00:37.540
sudo apt install sublist3r in the terminal.

00:37.550 --> 00:49.190
So, but if you haven't updated your apt yet, just use sudo, sudo apt update here, Kali, and after

00:49.190 --> 00:57.710
updating your apt you can install the sub, or last version of Sublist3r here, apt sublist3r.

00:59.140 --> 01:00.640
Let's, sublist3r.

01:01.530 --> 01:02.430
apt install.

01:02.640 --> 01:05.730
Of course, apt install sublist3r here.

01:07.190 --> 01:15.800
So this tool is written in Python, which will enumerate the subdomains of a primary domain using the

01:15.800 --> 01:19.220
open source intelligence techniques.

01:19.220 --> 01:26.990
So it utilizes APIs such as the Ask search engine, Google, Bing, Baidu and other search engines.

01:27.170 --> 01:36.260
Additionally, it also performs searches in Netcraft, VirusTotal, DNSdumpster, ThreatCrowd and reverse

01:36.260 --> 01:42.050
DNS, while also performing DNS brute force using a specific word list.

01:42.140 --> 01:53.110
So once the tool is installed, you can run sudo, sudo sublist3r -d and, for example, our target.

01:53.120 --> 01:57.650
In this case I'm going to write, for example, like GitHub.

01:58.280 --> 01:58.620
GitHub.

01:58.640 --> 02:06.320
Of course, this is not for attacking purposes, of course. -t here, and with this -e parameter you're going

02:06.320 --> 02:09.330
to specify the Bing or a search engine.

02:09.410 --> 02:16.010
For example, you can also specify Google as the search engine to use for finding subdomains somehow.

02:16.010 --> 02:16.700
Bing.

02:17.120 --> 02:21.230
And in this case, we're going to use the Bing search engine and press

02:21.230 --> 02:22.010
Enter.

02:22.400 --> 02:28.550
Enter your Kali password, which by default is kali as well if you downloaded it from the official Kali Linux

02:28.550 --> 02:29.330
website.

02:31.080 --> 02:31.710
Okay.

02:33.160 --> 02:34.030
So.

02:34.880 --> 02:39.020
sudo sublist3r -d, the GitHub.

02:40.230 --> 02:42.350
And -t 3.

02:42.960 --> 02:46.320
Let's actually now try google.com.

02:50.020 --> 02:50.250
Okay.

02:50.260 --> 02:55.660
As you can see here, we got the subdomains that are openly available by

02:56.560 --> 02:57.400
Google here.

02:57.400 --> 03:01.720
So one might encounter an error message of, uh, VirusTotal blocking.

03:01.720 --> 03:05.560
The request. This can be fixed by adding your own API

03:05.590 --> 03:15.250
key by entering export VT_APIKEY, and here is your API key here.

03:15.370 --> 03:25.330
So an API key can be generated by creating an account on the virustotal.com official website.
