Discussion on: How to Find Subdomains on a Website (And Why You Should)

edA‑qa mort‑ora‑y

Aquatone and Sublist3r's scanning could trigger alarms on some systems. It is seen as a brute-force attack, or potential denial of service attack.

If you're on an internal network you can also use DNS tools. Usually sub-domain record transfer is disabled (I forget the technical term), but if doing an internal audit perhaps you can have a machine that allows it.

Kat Maddox

Good point on the alarms! I kinda assume someone is doing a bug bounty or testing their own server, so alarms aren't a big deal. But if you're pentesting for a client (or doing something naughty) then alarms should be considered. I'll add in a quick disclaimer.

Jabhatt

That’s true. Then you can try something like spyse.com. They already did everything for you. But still, sometimes you need to run the process yourself; you’ll just need a proxy to do that.
Also, as far as I know, guys from spyse are going to add an opportunity to scan all those things with the help of their service.