bugbounty-cheatsheet/cheatsheets/recon.md

# Certspotter

```zsh
curl https://certspotter.com/api/v0/certs\?domain\=example.com | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | uniq
```

```zsh
curl https://certspotter.com/api/v0/certs\?domain\=example.com | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | uniq | dig +short -f - | uniq | nmap -T5 -Pn -sS -i - -p 80,443,21,22,8080,8081,8443 --open -n -oG -
```

# Sublist3r One-liner

This runs [Sublist3r](https://github.com/aboul3la/Sublist3r) on a list of domains and outputs the results in separate files.

```
. <(cat domains | awk '{print "sublist3r -d " $1 " -o " $1 ".txt"}')
```
Create recon.md 2017-08-31 16:36:39 +00:00			`# Certspotter`

			```zsh
			`curl https://certspotter.com/api/v0/certs\?domain\=example.com \| jq '.[].dns_names[]' \| sed 's/\"//g' \| sed 's/\*\.//g' \| uniq`
			```

			```zsh
			`curl https://certspotter.com/api/v0/certs\?domain\=example.com \| jq '.[].dns_names[]' \| sed 's/\"//g' \| sed 's/\*\.//g' \| uniq \| dig +short -f - \| uniq \| nmap -T5 -Pn -sS -i - -p 80,443,21,22,8080,8081,8443 --open -n -oG -`
			```
Add "Sublist3r One-liner". 2017-09-06 11:04:04 +00:00
			`# Sublist3r One-liner`

			`This runs [Sublist3r](https://github.com/aboul3la/Sublist3r) on a list of domains and outputs the results in separate files.`

			```
Update recon.md 2017-09-06 11:17:43 +00:00			`. <(cat domains \| awk '{print "sublist3r -d " $1 " -o " $1 ".txt"}')`
Add "Sublist3r One-liner". 2017-09-06 11:04:04 +00:00			```