- Certificate (CN, Subject Alternative Name)
- Reverse Whois on IP/Domain Properties
- Acquisition Search
- Google Search
- Google Dorks
snapp.ir
snapp.taxi
snappfood.ir
snapp.market
snapp.express
snapp.doctor
snapp-box.com
snappcarfix.com
snapptrip.com
snappfood.biz
snapppay.ir
taxiyaab.ir
snapproom.com
snappbourse.com
novininvest.ir
snapp.cab
- Extract the useful properties off the certificates (SAN, CN, Issuer: O, ...)
- Search on censys,crt.sh databases
- If lucky new domains having the same property values will show up.
Aim here was to find as many domain as possible but if any juicy subdomains were found on certificates consider them.
Even though in our dedicated subdomain enumeration recon, they will likely be found.
admin.snappfood.biz
api.snappfood.biz
corp.snappfood.biz
l.snappfood.biz
metabase.snappfood.biz
snappfood.biz
staging-admin.snappfood.biz
staging-api.snappfood.biz
staging.snappfood.biz
dev.snapp.doctor