What is DNS (Subdomain) Bruteforcing?

If you are an experience penetration tester, bug bounty hunter or have experience in web security, you probably have heard of DNS or Subdomain bruteforcing before.
It is a technique often used in the reconnaissance phase of your testing to further help map out your entire attack surface.

What is DNS (Subdomain) Bruteforcing?

DNS or Subdomain brute-forcing is a method of systematically checking possible subdomain names to reveal which ones are currently in use. This is done by sending DNS requests for potential subdomains and analyzing the responses. If a response indicates that a subdomain exists (i.e. returns a NOERROR DNS response), it is added to the list of discovered subdomains.

This technique is called "brute-forcing" because it involves trying a large number of possibilities in a systematic manner, similar to how one might brute-force a password by trying many different combinations. The list of potential subdomains can be generated using wordlists, which are text files containing a large number of possible subdomain names.

Nova Security Scanner now is able to perform DNS bruteforcing to further help you map out the real entire attack surface of your target.