Probable (sub)domains
Online tool: https://weakpass.com/generate/domains
TL;DR
During bug bounties, penetrations tests, red teams exercises, and other great activities, there is always a room when you need to launch amass, subfinder, sublister, or any other tool to find subdomains you can use to break through - like test.google.com, dev.admin.paypal.com or staging.ceo.twitter.com. Within this repository, you will be able to find out the answers to the following questions:
- What are the most popular subdomains?
- What are the most common words in multilevel subdomains on different levels?
- What are the most used words in subdomains?
And, of course, wordlists for all of the questions above!
Methodology
As sources, I used lists of subdomains that were collected by shrewdeye.app, bounty-targets-data or that just had responsible disclosure programs. If subdomains appear more than in 5-10 different scopes, they will be put in a certain list. For example, if dev.stg appears both in *.google.com and *.twitter.com, it will have a frequency of 2. It does not matter how often dev.stg appears in *.google.com. That's all - nothing more, nothing less.
Lists
Subdomains
In these lists, you will find the most popular subdomains as is. 100,1000,10k,100k,1m - are the most popular subdomains sorted by their frequency.
- subdomains.txt.7z
- subdomains_100.txt
- subdomains_1000.txt
- subdomains_10k.txt
- subdomains_100k.txt
- subdomains_1m.txt
Subdomain levels
You will find the most popular words from subdomains split by levels in these lists. F.E - dev.stg subdomain will be split into two words dev and stg. dev will have level = 2, stg - level = 1. You can use these wordlists for combinatory attacks for subdomain searches.
- level_1.txt.7z
- level_2.txt.7z
- level_3.txt.7z
- level_4.txt.7z
- level_5.txt.7z
- level_1_100.txt
- level_1_1000.txt
- level_2_100.txt
- level_2_1000.txt
- level_3_100.txt
- level_3_1000.txt
- level_4_100.txt
- level_4_1000.txt
- level_5_100.txt
- level_5_1000.txt
Popular subdomain words
You will find the most popular words from subdomains on all levels in these lists. For example - dev.stg subdomain will be splitted in two words dev and stg.
Attributions
- shrewdeye.app
- berzerk0 for the inspiration with the great work Probable-Wordlists
- chaos.projectdiscovery.io
- bounty-targets-data/
- Based on some previous iteration of the same idea - https://github.com/zzzteph/substats