cmd@fb:/tmp|❯ wc -l 33m-subdomain-wordlist.txt
33927885 33m-subdomain-wordlist.txtcmd@fb:/tmp|❯ wc -l 15m_sub_wordlist.txt
15677820 15m_sub_wordlist.txtcmd@fb:~/Desktop|⇒ wc -l 11m_sub_wordlist.txt
11466866 11m_sub_wordlist.txt
cat 11m_sub_wordlist.txt | subgen -d "bing.com"> not_resolve_subdomain.txtecho "bing.com">bing.txt
comb -s="." 11m_sub_wordlist.txt bing.txt > not_resolve_subdomain.txtcat not_resolve_subdomain.txt | zdns A --threads 10000 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" |tee resolve_subdomain.txtulimit -n 100000sudo pip3 install aiodnsbruteaiodnsbrute yahoo.com -w /tmp/11m_sub_wordlist.txt -o csv -t 10000 -r resolver.txtresolver.txt=>1.1.1.1
cat yahoo.com.csv | cut -d, -f1 | grep yahoo.com>yahoo.com.txtfor i in $(cat 11m_sub_wordlist.txt); do echo $i".bing.com">>not_resolve_subdomain.txt; done #first method
cat 11m_sub_wordlist.txt | xargs -L1 -P20 -I@ bash -c "echo @.'bing.com'>>not_resolve_subdomain.txt" #second method
cat 11m_sub_wordlist.txt | awk '{print $1".bing.com"}'>not_resolve_subdomain.txt #third method
while read -r sub; do echo $sub".bing.com">>not_resolve_subdomain.txt ; done < 11m_sub_wordlist.txt # fourth method
echo "bing.com">bing.txt ; comb -s="." 11m_sub_wordlist.txt bing.txt > not_resolve_subdomain.txt #fifth method
cat 11m_sub_wordlist.txt | subgen -d "bing.com">not_resolve_subdomain.txt #sixth method
goaltdns -h bing.com -w /tmp/11m_sub_wordlist.txt -o not_resolve_subdomain.txt #seventh methodcat 3.txt
bing.com
tesla.com
google.comwhile read -r sub; do awk '{print $1".'$sub'"}' ~/a/10k.txt >> $sub_non_resolve.txt; done < cat 3.txtcat resolve.txt
1.1.1.1
8.8.8.8sudo ksubdomain -f not_resolve_subdomain.txt -e 0 -verify -o resolve.txt -s resolve.txt
cat not_resolve_subdomain.txt | zdns A --threads 10000 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" |tee resolve_subdomain.txt#!/usr/bin/env bash
if [ "$#" -ne 1 ]; then
echo "brute.sh domain.com"
exit 1
fi
bruteforce(){
domain=$1
wordlist="/tmp/1000.txt"
#wordlist=$2
printf "[*] Bruteorce $domain Start"
printf " \r"
cat $wordlist | awk -v url="$domain" '{print $1"."url}' > /tmp/notresolve-$domain.txt
cat /tmp/notresolve-$domain.txt| zdns A --threads 200 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" > /tmp/bruteforce-$domain.txt
cat /tmp/bruteforce-$domain.txt | grep -Eo "[a-zA-Z0-9._-]+\.$domain" | sort -u > resolve-$domain.txt
rm /tmp/notresolve-$domain.txt /tmp/bruteforce-$domain.txt
echo -e "[+] $domain Brute-Force Done : $(wc -l resolve-$domain.txt | awk '{ print $1}')"
}
bruteforce $1
#*Demo*
#wget https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains-1000.txt -O /tmp/1000.txt
#bash brute.sh tesla.com
#Resolve
#cat /tmp/notresolve-$domain.txt|zdns A --threads 500 --name-servers=1.1.1.1 | jq -r "select(.data.answers[0].name) | .name" >/tmp/bruteforce-$domain.txt
#cat /tmp/notresolve-$domain.txt|dnsx -l -t 200 -o /tmp/bruteforce-$domain.txt
#cat /tmp/notresolve-$domain.txt|httpx -threads 100 -o /tmp/bruteforce-$domain.txtbash brute.sh bing.com
When you browse with a large wordlist from your own computer, you cannot get full efficiency due to the speed of your internet. So it's better end when it trades through virtual server. you get it.
As @emadshanab said you can split the wordlist into parts and scan.