...
Write
OneWriteup
  • Login
  • Register
  • Trending
  • Articles
  • Blog
  • Tutorials
  • News
  • Research
  • Top 10 Lists
  • Case Studies
  • Writeup
  • Interviews
  • Personal Stories
  • Infographics
No Result
View All Result
  • Trending
  • Articles
  • Blog
  • Tutorials
  • News
  • Research
  • Top 10 Lists
  • Case Studies
  • Writeup
  • Interviews
  • Personal Stories
  • Infographics
No Result
View All Result
OneWriteup
No Result
View All Result

Subdomain Enumeration with Merklemap: Real-Time CT Logs

Deepak Sharma by Deepak Sharma
September 17, 2024
Reading Time: 3 mins read
19
0
subdomain enumeration
Share on FacebookShare on Twitter

In cybersecurity, mainly in bug bounty or when finding vulnerabilities in subdomains, certain terms are commonly used. One of the most important terminology that you must know is Certificate Transparency which plays a crucial role in website’s security by issuing the valid SSL/TLS certificate for authorized and trusted website. These certificates establish a trust worthy connection to the user, which help identify subdomains associated with a domain by keeping the track of their CT (Certificate Transparency) logs.

Let’s discuss the relation of the Certificate Transparency with the Subdomain Enumeration by uneviling the remarkable benefits of MerkleMap Tool.

Certificate Transparency Logs (CT Logs) and Subdomain Enumeration

Certificate Transparency Logs (CT Logs) are publicly available records of certificates for different domains that are issued by Certificate Authorities (CAs).

Certificate Transparency are valuable resource for discovering subdomains and monitoring domain security in bug bounty  and during security audits.

Use-Case of CT Logs:

  1. Open Auditing System: An open auditing system is a publicly accessible system where anyone can inspect, monitor, and verify specific content.
  2. Track SSL/TLS Certificates: SSL/TLS Certificates are cryptographic credentials used to establish secure connections between web browsers and servers through HTTPS.

MerkleMap for Subdomain Enumeration

MerkleMap is highly effective in finding CT Logs and is commonly used by bug bounty hunters and penetration testers to validate the CT logs of any website, conveniently providing a full attack surface of any domain. MerkleMap is completely built using the Rust language.

MerkleMap is available in two forms:

  • MerkleMap Website (https://www.MerkleMap.com): The MerkleMap website is the best way to find CT Logs and perform subdomain enumeration within seconds (80ms per entry).

ADVERTISEMENT
  •  MerkleMap CLI: The MerkleMap command-line interface is also available, which is useful for finding and retrieving results in JSON format via the terminal, without opening a browser. For example:
curl 'https://api.MerkleMap.com/live-domains?no_throttle=true'

Features of MerkleMap:

  1. User-Friendly UI: The MerkleMap website features an easy-to-use interface that helps in analyzing and generating large outputs easily.
  2. Intensive Subdomain Discovery: MerkleMap provides subdomain listings, including DNS records, SSL certificates, and publicly available information.
  3. Real-Time Results: MerkleMap provides results based on real-time data, ensuring that users receive up-to-date information.
  4. Customizable Search Queries: You can use wildcards (*) in your search or use the prefix = for exact matches.
  5. Extensive CT Logs: MerkleMap provides the maximum CT logs of all subdomains compared to any other website.

Using MerkleMap for Subdomain Enumeration:

  1. Expanded Attack Surface: Additional services hosted on subdomains (e.g., development/dev, admin, APIs, etc.) can be poorly secured or outdated.
  2. Cross-Link Analysis: Large and complex organizations with multiple domains may have connected domains or infrastructure. Using MerkleMap can help analyze connections between certificates, hosts, or services.
  3. Forgotten Assets: Organizations often don’t overlook old subdomains, hence making old scrap subdomains that can pose a serious security issues making a prime target for an attacker.
  4. Weak Security: Subdomains may have outdated TLS/SSL certificates, misconfigured CORS, or unpatched software, resulting in security compromises.
  5. Sensitive Data: Uncovering exposed subdomains can sometimes reveal sensitive files, credentials, API keys, etc., providing attackers with a foothold.

Why Subdomain Enumeration Is Important:

  1. Exposing Hidden Attack Surfaces: Finding subdomains, especially those used for testing or development purposes, can reduce an organization’s attack surface.
  2. Preventing Subdomain Takeovers: Any unmonitored or improperly decommissioned subdomain can be taken over by malicious actors, who may then use it for phishing or scamming.
  3. In-Depth Subdomain Security Coverage: Frequent subdomain enumeration ensures that all assets linked to a domain are included in security assessments. This helps prevent the inadvertent exposure of internal assets, staging environments, or third-party services.

MerkleMap’s Main Goal

MerkleMap’s main goal is to help users uncover hidden subdomains,  or expired SSL/TLS certificates, which could pose security risks if left unmonitored or unpatched .

ADVERTISEMENT
Deepak Sharma

Deepak Sharma

Cyber Security Enthusiast sharing my learning in tech. 🧑🏻‍💻

Recently Posted

HOW To BECOME AN ETHICAL HACKER ROADMAP

Free Cybersecurity Roadmap for Ethical Hacking Career in 2025

November 15, 2024
750
Top 4 Cyber attacks Commonly used for Hacking Websites!

Top 4 Cyber attacks Commonly used for Hacking Websites!

November 9, 2024
171
How to use bloodhound tool for pentesting

How to use Bloodhound / Sharphound for Pentesting Active Directory?

November 6, 2024
517
Pass The Hash

How to perform Pass The Hash Attack on Active Directory in 2024?

November 2, 2024
154
Load More

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

ADVERTISEMENT

Recommended

LockBit 3.0 Code Leaked!!! RaaS dwellers gone extremely wild!!!

LockBit 3.0 Code Leaked!!! RaaS dwellers gone extremely wild!!!

August 28, 2024
113
What is Access Control List (ACL) and How to exploit it in Active Directory?

What is Access Control List (ACL) and How to exploit it in Active Directory?

October 13, 2024
176

Popular Story

  • Download the Top 100 Free Cybersecurity Courses, Resources, and Study Materials for 2024

    Download the Top 100 Free Cybersecurity Courses, Resources, and Study Materials for 2024

    846 shares
    Share 338 Tweet 212
  • Termux Top 10 Most Powerful Tools in 2024

    321 shares
    Share 128 Tweet 80
  • How To Setup Cybersecurity HomeLab for Red Team and Blue Team?

    163 shares
    Share 65 Tweet 41
  • 7 Steps To Remove Leaked Private Photos or Videos from the Internet.

    59 shares
    Share 24 Tweet 15
  • NoSQL Injection Complete Guide, Types, Examples, Cheat Sheet

    49 shares
    Share 20 Tweet 12
ADVERTISEMENT
OneWriteup

Discover expert cybersecurity articles, tutorials, and the latest trends to protect your digital world.

  • OneWriteup Labs
  • About Us
  • Feedback
  • Contact Us
  • Report
  • Privacy Policy
  • Community Guidelines
  • Terms Of Service

© 2024 OneWriteup

No Result
View All Result
  • Trending
  • Articles
  • News
  • Blog
  • Tutorials
  • Research
  • Top 10 Lists
  • Case Studies
  • Interviews
  • Login
  • Sign Up

© 2024 OneWriteup

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.