I'm Thanael. It's high time I joined this wiki.
Here's a tip:
Steps for enumerating (sub)domains:
- Visit Rapid7's Sonar project
- Download the large dataset ending with "fdns_any.json.gz"
- This can be done in a Linux/Mac terminal with wget -c LINK_TO_FILE
- Use zgrep in the terminal to find subdomains related to the domain you're interested in
- If you're looking for subdomains.blogspot.com, for example, use this command on the file (-F makes zgrep treat the dots as literal characters instead of regex wildcards):
- zgrep -F '.blogspot.com' R7Date_fdns_any.json.gz > blogspot.txt
- Wait quite a while until zgrep finishes, and then let's get to archiving all the subdomains!
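
The zgrep output is still raw JSON lines, and a plain text match also catches records where the domain only appears in the value field or in the middle of a longer name. The following added example (not part of the original tip) turns blogspot.txt into a clean, deduplicated host list. It assumes each line is a JSON object with "name", "type" and "value" fields; the function name and the sample records are constructed for illustration.

```python
import json
import sys

# Constructed sample lines in the assumed record shape (not real data).
SAMPLE = [
    '{"timestamp":"1530000000","name":"alpha.blogspot.com","type":"a","value":"192.0.2.10"}',
    '{"timestamp":"1530000001","name":"Alpha.Blogspot.com.","type":"aaaa","value":"2001:db8::10"}',
    '{"timestamp":"1530000002","name":"www.example.net","type":"cname","value":"beta.blogspot.com"}',
    '{"timestamp":"1530000003","name":"x.blogspot.com.example.org","type":"a","value":"192.0.2.11"}',
    '{"timestamp":"1530000004","name":"blogspot.com","type":"ns","value":"ns1.example.net"}',
    '{"timestamp":"1530000005","name":"gamma.blogspot.com","type":"a"',  # truncated line
]

def subdomains(lines, domain, include_values=False):
    """Return sorted unique hostnames that are true subdomains of `domain`.

    Only the "name" field is checked by default; with include_values=True
    the target of CNAME records is checked as well.
    """
    suffix = "." + domain.lower().strip(".")
    found = set()
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or damaged lines
        if not isinstance(rec, dict):
            continue
        candidates = [rec.get("name", "")]
        if include_values and rec.get("type") == "cname":
            candidates.append(rec.get("value", ""))
        for host in candidates:
            if not isinstance(host, str):
                continue
            host = host.lower().rstrip(".")  # normalise case and trailing dot
            if host.endswith(suffix):  # suffix match, not substring match
                found.add(host)
    return sorted(found)

if __name__ == "__main__":
    # Usage: python3 this_script.py blogspot.txt blogspot.com
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print("\n".join(subdomains(fh, sys.argv[2])))
    else:
        print("\n".join(subdomains(SAMPLE, "blogspot.com")))
```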