ErrorEyes: A Lightweight Subdomain Enumeration Tool

By /

Listen to this Post

Featured Image
ErrorEyes is a Python-based tool designed for subdomain enumeration by querying crt[.]sh certificate logs. It helps discover subdomains associated with a target domain efficiently, without returning duplicates. Ideal for security researchers, bug bounty hunters, and sysadmins conducting reconnaissance.

🔗 Tool URL: https://shorturl.at/UDGuh

You Should Know: Subdomain Enumeration Techniques & Practical Commands

Subdomain enumeration is a critical phase in reconnaissance. Below are verified commands and techniques to expand your findings beyond ErrorEyes:

1. Using crt.sh Directly (Without ErrorEyes)

curl -s "https://crt.sh/?q=example.com&output=json" | jq -r '.[].name_value' | sed 's/\.//g' | sort -u

2. Alternative Tools for Subdomain Discovery

  • Amass (Passive & Active Enumeration): 
    amass enum -passive -d example.com -o subdomains.txt
  • Subfinder: 
    subfinder -d example.com -o subdomains.txt
  • Assetfinder: 
    assetfinder --subs-only example.com | sort -u

3. DNS Bruteforcing (For Hidden Subdomains)

dnsrecon -d example.com -t brt -D /usr/share/wordlists/subdomains-top1million-5000.txt -o dns_results.txt

4. Checking for Takeover Vulnerabilities

subzy run --targets subdomains.txt

5. HTTP Probing (Filtering Live Subdomains)

cat subdomains.txt | httpx -title -status-code -o live_subdomains.txt

6. Extracting Additional Data from SSL Certificates

openssl s_client -connect example.com:443 -servername example.com | openssl x509 -noout -text | grep DNS:

What Undercode Say

Subdomain enumeration is a foundational step in penetration testing and bug bounty hunting. Tools like ErrorEyes automate part of the process, but combining multiple techniques ensures comprehensive coverage.

🔹 For Linux Users:

  • Use grep, awk, and `sed` to filter results.
  • Automate scans with `cron` jobs.

🔹 For Windows Users:

  • Use PowerShell for similar tasks: 
    Invoke-WebRequest -Uri "https://crt.sh/?q=example.com&output=json" | ConvertFrom-Json | Select-Object -ExpandProperty name_value

🔹 Advanced Tip:

  • Integrate ErrorEyes with Nmap for port scanning discovered subdomains: 
    nmap -iL subdomains.txt -p 80,443,8080 -oN nmap_scan.txt

Expected Output

A structured subdomain list (subdomains.txt) with live hosts (live_subdomains.txt) and potential vulnerabilities (takeover_check.txt).

Prediction

Subdomain enumeration tools will increasingly integrate AI to predict hidden subdomains and reduce false positives, making reconnaissance faster and more accurate.

References:

Reported By: Abzee Saminu – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: