Subdomains analysis and generation tool. Reveal the hidden!
Online tool: https://weakpass.com/generate/domains
During bug bounties, penetrations tests, red teams exercises, and other great activities, there is always a room when you need to launch amass, subfinder, sublister, or any other tool to find subdomains you can use to break through - like test.google.com, dev.admin.paypal.com or staging.ceo.twitter.com. Within this repository, you will be able to find out the answers to the following questions:
And, of course, wordlists for all of the questions above!
As sources, I used lists of subdomains that were collected by shrewdeye.app, bounty-targets-data or that just had responsible disclosure programs. If subdomains appear more than in 5-10 different scopes, they will be put in a certain list. For example, if dev.stg appears both in *.google.com and *.twitter.com, it will have a frequency of 2. It does not matter how often dev.stg appears in *.google.com. That's all - nothing more, nothing less.
In these lists, you will find the most popular subdomains as is. 100,1000,10k,100k,1m - are the most popular subdomains sorted by their frequency.
You will find the most popular words from subdomains split by levels in these lists. F.E - dev.stg subdomain will be split into two words dev and stg. dev will have level = 2, stg - level = 1. You can use these wordlists for combinatory attacks for subdomain searches.
You will find the most popular words from subdomains on all levels in these lists. For example - dev.stg subdomain will be splitted in two words dev and stg.