1
00:00:00,990 --> 00:00:03,810
Hello, everyone, and welcome to this video.

2
00:00:04,920 --> 00:00:13,020
So in this video, we are going to see one of the interesting features of a sub finders, which is going

3
00:00:13,020 --> 00:00:22,410
to help us a lot in identification of many of the sub subdomains or vertical correlation domains or

4
00:00:22,410 --> 00:00:24,090
the hidden subdomains.

5
00:00:25,170 --> 00:00:32,070
Now, this feature is called as the Recursive Enumerations SubDomains feature, which is given into

6
00:00:32,070 --> 00:00:33,170
the sub finder tool.

7
00:00:33,750 --> 00:00:36,080
And let's quickly see the example of this.

8
00:00:37,080 --> 00:00:45,090
So let's say I was able to identify one of the subdomain for a target program, uber dot com.

9
00:00:45,900 --> 00:00:51,090
So the subdomain that I have identified is dev dot uber dot com.

10
00:00:52,140 --> 00:01:01,500
Now if I'm going to use sub finder on dev.uber.com and I'm going to do a recursive enumeration

11
00:01:01,710 --> 00:01:03,720
or analysis of subdomains.

12
00:01:04,050 --> 00:01:09,370
Let's see if I'm able to identify multiple sub subdomains here or no.

13
00:01:11,130 --> 00:01:21,600
As you can see over here, I am able to identify in total 128 recursive subdomains of dev.uber.com.

14
00:01:22,320 --> 00:01:30,540
Now this gives you a variety of assets which may be missed by other security researchers, wherein

15
00:01:30,720 --> 00:01:37,090
you have done the recursive enumeration and you are getting a lot of subdomains over here.

16
00:01:37,710 --> 00:01:45,870
Now you can simply identify if any of the subdomain, if it is running a sensitive panel that can be

17
00:01:45,870 --> 00:01:54,630
bypassed easily, or if there is any sensitive information that has been exposed by mistake or any software

18
00:01:54,630 --> 00:02:01,680
version or cms that is running outdated software, which has a publicly available exploit.

19
00:02:03,720 --> 00:02:11,100
Also, apart from the recursive analysis, there is a feature of hyphen t, which is basically the

20
00:02:11,100 --> 00:02:15,660
concurrent threads that you can give to sub finder.

21
00:02:16,140 --> 00:02:24,480
Now this increases the efficiency of your scan and gives you multiple threads to run on your multiple

22
00:02:24,480 --> 00:02:29,550
target domains, which basically makes the scans much more faster.

23
00:02:30,750 --> 00:02:37,740
Even if you want to hide these Banner, which is coming into your scans when you're saving this output.

24
00:02:37,950 --> 00:02:41,900
You can also do that using the silent feature.

25
00:02:42,540 --> 00:02:49,380
So when you run the silent feature or the flag, you will not be able to see the banner of sub Finder

26
00:02:49,560 --> 00:02:54,780
and only get a clean version of the output, as you can see over here.

27
00:02:55,650 --> 00:03:02,490
So these were some of the features that you may find to be very, very helpful while you are doing subdomain

28
00:03:02,490 --> 00:03:04,590
enumeration using sub finder.

29
00:03:05,190 --> 00:03:06,690
So I hope you guys understood.

30
00:03:06,930 --> 00:03:07,500
Thank you.