by kpcyrd,                              medium read,                                                            2021-08-17

Enumerating -

submited by
Style Pass
2021-08-17 20:30:08

by kpcyrd, medium read, 2021-08-17

Due to recent political events there’s an increased interest in Afghanistan’s websites. This is a tutorial on how to run sn0int on to enumerate as many sites as possible for archival purpose.

We’re going to start sn0int in a new workspace that we call gov-af. This can be any name, it’s just a way to organize our data.

We’re then creating a domain object in sn0int so we can run investigations on it. This is technically not how the domain object is supposed to be used, because is considered an eTLD, an effective top-level domain and listed on the “public suffix list”. The sn0int domain objects are supposed to be registerable domains. This usually means subdomains of eTLDs, like, or

There’s a public log of certificates (for security reasons), we can attempt to discover domains and subdomains from the certificates that have been recorded there. Instead of downloading the full copy of the log we’re using the api of, a service that’s indexing the data. We need to install the module if we don’t already have it installed in sn0int. After installation we can run it on the target domain. This may take some time.

Leave a Comment