Recon is the most important part of hunting, be it subdomain extraction using wordlist or content discovery once you have fixed your target for hunting.

For both the above-mentioned work you need a wordlist which will help in identifying the potential assets.

Now to brute force a target for its content or domain for both the thing wordlist plays an important role. There are several tools available in open source which can be used for this purpose:

List of tools which I prefer to use for this purpose:




Apart from the above mentioned popular tool one of the tool which have coded for my customized purpose

The tool above I coded follows a simple script where it can give you out a list of subdomains on the supplied wordlist or default wordlist.

Demo of my tool:

So it is very important to how to enrich your wordlist, In this article, I have tried to address one of aspect that creating your wordlist based on CMS.which then can be used in different content discovery tool.

I have put up my tool over GitHub again for mass use and at the same time welcoming all if you could improve/customized it according to your usage.

Demo for tool:

I hope you all can benefit from this work of mine!!. Do let me know about views in the comment section and what all improvement you want here.

Thanks for your time.

I will take a minute to pay respect to my seniors((Twitter handle:@zerodayguys)) in the field who have constantly encouraged/helped me in achieving my goals.

I am security noob with a zest to learn and share

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store