Which technique is least likely to find hidden subdomains?

Last Updated :

Discuss

Comments

Brute-force a wordlist of probable subdomains (e.g., www, dev, api)

Query Certificate Transparency logs for issued certificates

Query historical DNS/archived DNS datasets (passive DNS)

Scanning only for open TCP port 22 on random IP addresses without referencing DNS records

This question is part of this quiz :

Tags:

Share your thoughts in the comments

GeeksforGeeks