Using Google to find subdomains
A great deal of information can be gathered from publicly available sources. As penetration testers, we should take advantage of any methods to gather valuable information about our targets anonymously.
Getting ready
All that is needed to perform this exercise is Internet access and a web browser.
How to do it...
In this example, we will use the Google search engine; however, know that there are a number of search engines that can provide similar information and, in some cases, more or different data. The Google search engine provides a number of search operators that allow you to narrow your results when performing queries.A few that can come in particularly handy for the penetration tester are site:
, inurl:
, and intitle:
.
For our purposes (finding subdomains), we will use the site:
search operator, as follows:
- Navigate to https://www.google.com, and we will search for sites that are part of the
google.com
domain. We do this by searchingsite:google.com
, as shown...