1
00:00:00,170 --> 00:00:01,100
In a previous lecture,

2
00:00:01,100 --> 00:00:10,010
we have seen how we can find subdomains using search operators and using a website called Quraysh.

3
00:00:10,670 --> 00:00:16,640
In this lecture, I would like to show you two tools that you can use to find subdomains of any domain

4
00:00:16,670 --> 00:00:20,210
name and to check which subdomain is live.

5
00:00:20,720 --> 00:00:26,690
So to install this tool, all you have to do is just to open the terminal and type apt install.

6
00:00:26,690 --> 00:00:29,210
And then the first tool, which is subfinder.

7
00:00:29,210 --> 00:00:32,180
And then the second tool, which is httprobe.

8
00:00:34,220 --> 00:00:40,220
So the first thing you want to do is just to go to your virtual machine and open the terminal as root.

9
00:00:40,370 --> 00:00:43,460
And then you want to type the password, which is Osint.

10
00:00:44,390 --> 00:00:49,760
And before installing these tools you want to type apt update to update the repositories.

11
00:00:50,120 --> 00:00:58,100
And then you want to install the tools by typing apt install subfinder and then httprobe like this

12
00:00:58,100 --> 00:00:59,060
and hit enter.

13
00:00:59,060 --> 00:01:01,700
And in my case they are already installed.

14
00:01:01,700 --> 00:01:05,700
So to use the first tool, all you have to do is just to type subfinder.

15
00:01:05,700 --> 00:01:11,130
And then I'm going to add minus h to find the options that I can use with this tool.

16
00:01:11,520 --> 00:01:14,430
And I always like to use three options.

17
00:01:14,430 --> 00:01:16,200
The first one is called silent.

18
00:01:16,200 --> 00:01:18,930
That will only show me the found subdomains.

19
00:01:19,350 --> 00:01:25,710
The second option is called -o, which will save all the found subdomains to a file.

20
00:01:26,280 --> 00:01:32,610
And the third option is minus d, which is used to specify the domain name that you are trying to find

21
00:01:32,610 --> 00:01:33,780
its subdomains.

22
00:01:35,040 --> 00:01:38,280
So I'm going to type subfinder like this.

23
00:01:38,490 --> 00:01:39,810
And then minus d.

24
00:01:39,870 --> 00:01:44,610
And I'm going to try to find the subdomains of cyber Sudoku org.

25
00:01:45,330 --> 00:01:51,030
And then I'm going to add an option called silent to only see subdomains that have been found.

26
00:01:51,030 --> 00:01:52,050
And then minus o,

27
00:01:52,080 --> 00:01:57,360
and I would like to create a file called subdomains on my desktop.

28
00:01:57,360 --> 00:02:02,190
So I'm going to add the full path, which is in home Osint desktop.

29
00:02:02,190 --> 00:02:06,210
And I would like to call the file subdomains dot txt.

30
00:02:06,960 --> 00:02:12,850
So right now, all the subdomains that are going to be found are going to be saved in this file.

31
00:02:13,810 --> 00:02:15,580
Now I'm going to hit enter.

32
00:02:16,090 --> 00:02:20,140
And we can see that a file has been generated on our desktop.

33
00:02:21,640 --> 00:02:25,510
And as you can see, these are the subdomains that have been found.

34
00:02:25,960 --> 00:02:33,550
Now the problem with these subdomains is that some subdomains are not accessible, or they are not live.

35
00:02:33,580 --> 00:02:42,370
So let me copy this one, for example, and then open my browser and then paste the URL.

36
00:02:42,910 --> 00:02:45,910
And we can see that we cannot access this website.

37
00:02:46,330 --> 00:02:54,340
And if we try to copy this link as well that starts with www and paste it in our browser, we can

38
00:02:54,340 --> 00:02:57,130
see that this site is also not accessible.

39
00:02:57,160 --> 00:03:02,200
But Cyberstalk and Academy that cyberstalk were completely fine.

40
00:03:03,040 --> 00:03:08,800
So the question is, how can we only find subdomains that are live?

41
00:03:09,220 --> 00:03:15,140
And to do this, we are going to use the second tool that we have installed, that's called httprobe.

42
00:03:15,830 --> 00:03:21,590
So to use this tool, I would like to use the exact same command that I have used before.

43
00:03:21,920 --> 00:03:24,590
And then I'm going to add a pipe.

44
00:03:25,070 --> 00:03:30,530
And then I'm going to say httprobe like this and hit enter.

45
00:03:30,530 --> 00:03:35,720
And this should only show us subdomains that are live.

46
00:03:36,200 --> 00:03:43,580
So we can see that the academy and cyber studio have been excluded.

47
00:03:44,390 --> 00:03:52,310
Now the question is, what if you would like to only get or view links that start with HTTPS or HTTP?

48
00:03:53,480 --> 00:03:59,330
So to do this we can use a tool called grep to exclude either HTTP or HTTPS.

49
00:03:59,330 --> 00:04:04,190
So I would like to use the exact same command and then add a pipe at the end.

50
00:04:04,190 --> 00:04:07,910
And then I'm going to say grep minus v to exclude.

51
00:04:07,910 --> 00:04:13,130
And I would like to exclude everything that starts with http colon.

52
00:04:13,130 --> 00:04:16,320
And then I'm going to close it with a single quote.

53
00:04:17,070 --> 00:04:22,620
So first of all, subfinder is going to find all subdomains of cyber pseudo org.

54
00:04:22,620 --> 00:04:26,640
And it will only show us subdomains and nothing else.

55
00:04:26,640 --> 00:04:32,700
And once it finds subdomains, it's going to save them to a file called subdomains dot txt.

56
00:04:33,690 --> 00:04:40,260
And then we are using httprobe to check which subdomain is live and which subdomain is not live.

57
00:04:40,410 --> 00:04:47,460
And then we are using grep to exclude all search results that start with http colon.

58
00:04:47,760 --> 00:04:49,410
So let me hit enter.

59
00:04:52,050 --> 00:04:58,650
And as you can see, now we have only got two search results that start with HTTPS.

60
00:04:58,710 --> 00:05:02,010
And if we tested these two links, they should work.

61
00:05:02,010 --> 00:05:07,530
So I'm going to copy the first link and then paste it in my browser.

62
00:05:08,910 --> 00:05:10,890
And we can see that it works.

63
00:05:10,890 --> 00:05:13,680
And now I'm going to test the second link.

64
00:05:16,860 --> 00:05:19,140
And this one works as well.
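The full pipeline from the lecture (subfinder, then httprobe, then grep) as a small POSIX shell script. This is an added example, not the lecturer's own script: the domain and output path are placeholders, `live_subdomains` assumes subfinder and httprobe are installed, and the sample httprobe output is constructed so the filtering step can be checked offline.

```shell
#!/bin/sh
# Added example (not from the lecture): the subfinder | httprobe | grep pipeline
# wrapped in functions, plus an offline check of the grep filter.

# keep_https: read httprobe-style URLs on stdin and keep only the https:// ones.
# grep -v 'http:' drops "http://..." lines but keeps "https://..." lines, because
# the literal "http:" never occurs inside "https:". sort -u gives a stable, deduplicated list.
keep_https() {
    grep -v 'http:' | sort -u
}

# live_subdomains DOMAIN OUTFILE: the lecture's pipeline. subfinder writes every
# subdomain it finds to OUTFILE, httprobe keeps the ones that answer on HTTP/HTTPS,
# and keep_https leaves only the HTTPS URLs. Assumes both tools are on PATH.
live_subdomains() {
    subfinder -d "$1" -silent -o "$2" | httprobe | keep_https
}

# Constructed sample of what httprobe prints: one line per scheme a host answers on,
# so a host reachable over both schemes appears twice (hosts are placeholders).
SAMPLE_PROBE_OUTPUT='http://academy.example.com
https://academy.example.com
http://old.example.com
https://www.example.com'

# demo_filter: run keep_https over the constructed sample, no network needed.
demo_filter() {
    printf '%s\n' "$SAMPLE_PROBE_OUTPUT" | keep_https
}

# Real run (placeholders; uncomment when subfinder and httprobe are installed):
# live_subdomains example.com "$HOME/Desktop/subdomains.txt"

demo_filter
```

`demo_filter` prints only the two HTTPS lines from the sample; `old.example.com`, which answered on plain HTTP only, is dropped along with the HTTP duplicate of `academy.example.com`.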