← Back to context Comment by Kwpolska 8 hours ago What if you have a wildcard cert for *.example.com? 2 comments Kwpolska Reply jamesfinlayson 2 hours ago I worked at a company where the security team disliked wildcard certificates because it exposed us to the risk of someone, somehow, hosting something malicious on a subdomain. andix 8 hours ago Much better. But you still leave traces from dns queries.Subfinder has a lot of sources to find subdomains, not only certs: https://github.com/projectdiscovery/subfinder
jamesfinlayson 2 hours ago I worked at a company where the security team disliked wildcard certificates because it exposed us to the risk of someone, somehow, hosting something malicious on a subdomain.
andix 8 hours ago Much better. But you still leave traces from dns queries.Subfinder has a lot of sources to find subdomains, not only certs: https://github.com/projectdiscovery/subfinder
I worked at a company where the security team disliked wildcard certificates because it exposed us to the risk of someone, somehow, hosting something malicious on a subdomain.
Much better. But you still leave traces from dns queries.
Subfinder has a lot of sources to find subdomains, not only certs: https://github.com/projectdiscovery/subfinder