- Download Burp Suite
- Run in terminal
java -jar burpsuite_community_v1.7.36.jar
- Scope --> Use advansed scope control --> Add --> host or IP range == target
- Select all host in sitemap and Spider.
- Do it again and again if new hosts are noticed.
- Collect new subdimains which is not detected by spider. in request | response body.
(http[s]?:\/\/)?((-)?[\w+\.]){1,20}domain\.com
Note: click + button and check regex && Auto-scroll to match when text changes
note: regex taken from Linkfinder by GerbenJavado
(?:"|')(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;| *()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|/][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:php|asp|aspx|jsp|json|action|html|js|txt|xml)(?:\?[^"|^']{0,}|)))(?:"|')
\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b