Online tool: https://weakpass.com/generate/domains
TL;DR
During bug bounties, penetrations tests, red teams exercises, and other great activities, there is always a room when you need to launch amass, subfinder, sublister, or any other tool to find subdomains you can use to break through – like test.google.com, dev.admin.paypal.com or staging.ceo.twitter.com. Within this repository, you will be able to find out the answers to the following questions:
- What are the most popular subdomains?
- What are the most common words in multilevel subdomains on different levels?
- What are the most used words in subdomains?
And, of course, wordlists for all of the questions above!
Methodology
As sources, I used lists of subdomains from public bugbounty programs, that were collected by chaos.projectdiscovery.io, bounty-targets-data or that just had responsible disclosure programs with a total number of 4095 domains! If subdomains appear more than in 5-10 different scopes, they will be put in a certain list. For example, if dev.stg appears both in *.google.com and *.twitter.com, it will have a frequency of 2. It does not matter how often dev.stg appears in *.google.com. That’s all – nothing more, nothing less< /strong>.
You can find complete list of sources here
Lists
Subdomains
In these lists you will find most popular subdomains as is.
Subdomain levels
In these lists, you will find the most popular words from subdomains split by levels. F.E – dev.stg subdomain will be split into two words dev and stg. dev will have level = 2, stg – level = 1. You can use these wordlists for combinatory attacks for subdomain searches. There are several types of level.txt wordlists that follow the idea of subdomains.
Popular splitted subdomains
In these lists, you will find the most popular splitted words from subdomains on all levels. For example – dev.stg subdomain will be splitted in two words dev and stg.
Google Drive
You can download all the files from Google Drive