Subdomain enumeration is the process of discovering all subdomains belonging to a root domain (e.g., finding dev.example.com, api.example.com, staging.example.com under example.com). Methods include DNS brute-forcing, certificate transparency log mining, search engine dorking, and querying DNS aggregation services.
Forgotten or unknown subdomains are among the most common entry points for real breaches. Development servers, staging environments, and legacy applications running on obscure subdomains often have weaker security controls than the main site.
Redsight automatically enumerates all subdomains using multiple methods during the Discovery phase, ensuring no part of your external attack surface is overlooked.
Get started in minutes. No contracts, no commitments.
Start Scanning →