1
00:00:00,670 --> 00:00:02,110
Hello, my name is Typhon.

2
00:00:02,110 --> 00:00:08,620
And in this lecture, we're going to learn how to gather domain information in Linux using the Sublist3r

3
00:00:08,620 --> 00:00:09,400
tool.

4
00:00:21,050 --> 00:00:24,880
We will utilize the Sublist3r tool to perform domain harvesting.

5
00:00:24,890 --> 00:00:31,430
This tool is not preinstalled in Kali Linux; however, it can be installed by running the sudo apt,

6
00:00:31,460 --> 00:00:37,540
sudo apt install sublist3r in the terminal.

7
00:00:37,550 --> 00:00:49,190
So, but if you haven't updated your apt yet, just use sudo, sudo apt update here, Kali, and after

8
00:00:49,190 --> 00:00:57,710
updating your apt you can install the Sub... or last version of Sublist3r here. apt sublist3r.

9
00:00:59,140 --> 00:01:00,640
Let's sublist3r.

10
00:01:01,530 --> 00:01:02,430
apt install.

11
00:01:02,640 --> 00:01:05,730
Of course, apt install sublist3r here.

12
00:01:07,190 --> 00:01:15,800
So this tool is written in Python, which will enumerate the subdomains of a primary domain using the

13
00:01:15,800 --> 00:01:19,220
open source intelligence techniques.

14
00:01:19,220 --> 00:01:26,990
So it utilizes APIs such as the Ask search engine, Google, Bing, Baidu and other search engines.

15
00:01:27,170 --> 00:01:36,260
Additionally, it also performs searches in Netcraft, VirusTotal, DNSdumpster, ThreatCrowd and reverse

16
00:01:36,260 --> 00:01:42,050
DNS, while also performing DNS brute force using a specific word list.

17
00:01:42,140 --> 00:01:53,110
So once the tool is installed, you can run a sudo, sudo sublist3r -d and, for example, our target.

18
00:01:53,120 --> 00:01:57,650
In this case I'm going to write, for example, like GitHub.

19
00:01:58,280 --> 00:01:58,620
GitHub.

20
00:01:58,640 --> 00:02:06,320
Of course, this is not for attacking purposes, of course. -t here, and with this -e parameter you're going

21
00:02:06,320 --> 00:02:09,330
to specify the Bing or a search engine.

22
00:02:09,410 --> 00:02:16,010
For example, you can also specify the Google to use search engine for finding subdomains somehow.

23
00:02:16,010 --> 00:02:16,700
Bing.

24
00:02:17,120 --> 00:02:21,230
And in this case, we're going to use the Bing search engine and press

25
00:02:21,230 --> 00:02:22,010
Enter.

26
00:02:22,400 --> 00:02:28,550
Enter your Kali password, which by default is kali as well if you downloaded it from the official Kali Linux

27
00:02:28,550 --> 00:02:29,330
website.

28
00:02:31,080 --> 00:02:31,710
Okay.

29
00:02:33,160 --> 00:02:34,030
So.

30
00:02:34,880 --> 00:02:39,020
sudo sublist3r -d GitHub.

31
00:02:40,230 --> 00:02:42,350
And -t 3.

32
00:02:42,960 --> 00:02:46,320
Let's actually now try google.com.

33
00:02:50,020 --> 00:02:50,250
Okay.

34
00:02:50,260 --> 00:02:55,660
As you can see here, we got the subdomains that are openly available by

35
00:02:56,560 --> 00:02:57,400
Google here.

36
00:02:57,400 --> 00:03:01,720
So one might encounter an error message of, uh, VirusTotal blocking

37
00:03:01,720 --> 00:03:05,560
the request; this can be fixed by adding your own API

38
00:03:05,590 --> 00:03:15,250
key by entering export VT API key, and here is your API key here.

39
00:03:15,370 --> 00:03:25,330
So an API key can be generated by creating an account on the www.virustotal.com official website.