During the reconnaissance phase of a black-box web assessment, the rules of engagement forbid sending any packets to the client's infrastructure. You still need to discover as many subdomains as possible, including staging and legacy hosts, before planning subsequent attacks. Which technique best satisfies these constraints?
Send an AXFR request to the authoritative DNS servers to attempt a full zone transfer.
Download the site's robots.txt file and parse it for disallowed directories that reference subdomains.
Run a DNS brute-force tool such as dnsmap with a large wordlist against the target domain.
Search Certificate Transparency logs for issued certificates containing the organization's domain.
Querying public Certificate Transparency (CT) logs is a fully passive activity because the tester only interacts with third-party CT search interfaces such as crt.sh or Google's CT API. CT logs contain most publicly trusted TLS certificates, and they often list subdomains that may never have been added to public DNS but were included in a certificate, revealing production, staging, and legacy hostnames without touching the target's network. In contrast, attempting a DNS zone transfer or performing a wordlist brute force generates queries to the target's authoritative name servers, and fetching robots.txt sends requests directly to the target's web server; both actions violate the no-touch requirement.
Certified Ethical Hacker (CEH)
Web Application Hacking