July 5, 2022

Subdomain Enumeration For Profit

I was inspired by this post: https://www.reddit.com/r/wallstreetbets/comments/p50n5p/amzn_is_up_to_something_with_afrm_obsessive_dd/

The TLDR was that people on the internet noticed that Amazon was going to implement Affirm, a pay later company, into their platform. The interesting part is that they figured it out before it was publicly announced.

Realizing that large companies have a large digital footprint, it was likely that something like this would happen again. One avenue that I had not seen other people investigate was subdomains. The thought process is that companies will put developer functionality or potential announcements on a subdomain.

Subdomain enumeration is the process of finding subdomains for a website. Unfortunately, most subdomains are not publicly available (unless the DNS server exposes a full DNS zone). Some would suggest using brute force; others say you can try to crawl links or search engines to find new subdomains. I went with Anubis https://github.com/jonluca/Anubis. Anubis basically combines a whole bunch of methods.

Using bash and zapier I built something that would send me a text message whenever a new subdomain was found.

I started off with the sites: robinhood.com, amazon.com, opensea.com, coinbase.com

Bash Script

#!/bin/bash

# run the command
SITE="amazon.com"
file1="amazon.txt"

# create the table only if it does not exist yet, so reruns do not error
sqlite3 amazon.db "create table if not exists n (id INTEGER PRIMARY KEY,subdomain TEXT);"

while true; do
        echo Scraping
        anubis -tS "$SITE" -o "$file1" # S for silent

        # get rid of last line (says how long it took to complete)
        sed -i '$ d' "$file1"

        # get rid of top 24 lines (boilerplate from anubis)
        sed -i 1,24d "$file1"

        sort -o "$file1"{,} # sort in place

        echo "-----"
        cat "$file1"
        echo "-----"

        while IFS= read -r line; do
                printf '%s\n' "$line"
                # scan output is untrusted: skip anything that is not a plain
                # hostname before it is placed inside a SQL string
                [[ "$line" =~ ^[A-Za-z0-9._-]+$ ]] || continue
                select_output=$(sqlite3 amazon.db "select * from n where subdomain='$line'")
                if [ -z "$select_output" ]
                then
                    # not seen before: notify the Zapier webhook, then record it
                    curl -X POST -H 'http_location: amazon' --data "$line" https://hooks.zapier.com/hooks/catch/467498/b11111
                    sqlite3 amazon.db "insert into n (subdomain) values ('$line');"
                else
                    echo "already exists"
                fi
        done < "$file1"
done
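
The "is this subdomain new?" check from the script above, as an added example that is not part of the original post: it treats every line of scan output as untrusted, keeps only valid hostnames under the target domain, and compares them against a flat file of known names instead of building a SQL string. The function names, file names and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the original script): report only new, valid subdomains.

# new_subdomains SITE SCAN_FILE SEEN_FILE
# Prints each previously unseen hostname under SITE and appends it to SEEN_FILE.
# The body runs in a subshell, so its variables do not leak to the caller.
new_subdomains() (
    site=$1; scan=$2; seen=$3
    touch "$seen"
    # Normalise: lower-case, drop carriage returns, de-duplicate.
    tr '[:upper:]' '[:lower:]' < "$scan" | tr -d '\r' | sort -u |
    # Keep only DNS-style names: labels of letters, digits and inner hyphens.
    grep -E '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$' |
    while IFS= read -r host; do
        # In scope only if it is SITE itself or ends in ".SITE".
        case "$host" in
            "$site"|*."$site") ;;
            *) continue ;;
        esac
        # -F fixed string, -x whole line: dots are not treated as wildcards.
        grep -Fxq -- "$host" "$seen" && continue
        printf '%s\n' "$host" >> "$seen"
        printf '%s\n' "$host"   # the caller sends the alert for this line
    done
)

# Constructed sample data: one known name, two new names, and three lines that
# must be rejected (SQL metacharacters, look-alike domain, wrong parent domain).
demo() (
    dir=$(mktemp -d)
    printf '%s\n' 'www.example.com' > "$dir/seen.txt"
    printf '%s\n' 'www.example.com' 'Pay.Example.com' 'dev.example.com' \
        "x'); drop table n;--" 'evil-example.com' \
        'a.example.com.evil.test' > "$dir/scan.txt"
    new_subdomains example.com "$dir/scan.txt" "$dir/seen.txt"
    rm -rf "$dir"
)

demo
```

Each line the function prints is a name that has not been seen before, so the webhook call belongs in a loop over its output.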
