Subdomain & Port Scanning Guide

In cybersecurity, discovering what’s hidden beneath a domain is often the first step in uncovering security risks. Techniques like subdomain enumeration, port scanning, and HTTP server detection help ethical hackers and security experts analyze network vulnerabilities effectively. 👇

Subdomain Enumeration 🌐​

Subdomain enumeration is the process of finding hidden or forgotten subdomains of a website - for example, admin.example.com or test.example.com.

These hidden subdomains may expose:

• Development environments 💻
• Admin panels 🔧
• Misconfigured servers ⚠️

Popular Tools:

• Sublist3r
• Amass
• Assetfinder

💡 Tip: Always verify discovered subdomains for live services before scanning further.

---

Port Scanning 🚪​

Once you know the target, the next step is port scanning - identifying which network ports are open and what services are running on them.

Example Tools:

• Nmap - the classic, detailed scanner
• Masscan - for fast, wide scans

Example Command:
nmap -p 1-65535 -T4 -A -v <target>

This helps detect open ports like 22 (SSH), 80 (HTTP), or 443 (HTTPS), revealing entry points attackers might exploit.

---

HTTP Web Server Detection 🌍​

After finding live hosts, security testers identify HTTP web servers and analyze their configurations.

What You Can Learn:

• Server type (e.g., Apache, Nginx, IIS) 🖥️
• Framework versions (e.g., PHP, Node.js) ⚙️
• Potential misconfigurations 🔍

Tools to Try:

• WhatWeb
• Wappalyzer
• Nikto

These tools reveal technologies in use and help locate outdated or vulnerable components.

---

Why These Techniques Matter 💡​

Together, these three steps create a foundation for penetration testing:

1. Find hidden subdomains.
2. Identify open ports.
3. Analyze web server configurations.

They give cybersecurity professionals a full picture of a system’s exposure - helping fix weaknesses before hackers can exploit them. 🔒