Horizontal/Vertical Domain Enumeration

Zone Files

• https://czds.icann.org/home
• https://github.com/jschauma/tld-zoneinfo

Purchase:

• https://domains-index.com/
• https://zonefiles.io/
• https://domainindex.com/tools/download-cctld-zone-files
• https://whois.whoisxmlapi.com/database

Web Crawl Data

• https://hassankhanyusufzai.com/blogs/parsing-petabytes-of-common-crawl-data

Microsoft Exchange Autodiscover

• https://lolware.net/blog/2018-05-09-enumerating-federated-domains/

DOMAIN=[Update]
curl -X POST "https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc" \
-H "Content-Type: text/xml; charset=utf-8" \
-H "SOAPAction: \"http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation\"" \
--data-binary @- <<EOF | xmllint --format -
<soap:Envelope xmlns:exm="http://schemas.microsoft.com/exchange/services/2006/messages"
               xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types"
               xmlns:a="http://www.w3.org/2005/08/addressing"
               xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Header>
    <a:Action xmlns:a="http://www.w3.org/2005/08/addressing" soap:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation</a:Action>
    <a:To soap:mustUnderstand="1">https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc</a:To>
  </soap:Header>
  <soap:Body>
    <GetFederationInformationRequestMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
      <Request><Domain>$DOMAIN</Domain></Request>
    </GetFederationInformationRequestMessage>
  </soap:Body>
</soap:Envelope>
EOF

Shared Nameserver

• https://viewdns.info/reversens/?ns=
• https://reversens.domaintools.com/search/?q=
• https://reverse-ns.whoisxmlapi.com/api
• https://search.dnslytics.com/search?q=ns:+%22%22&d=domains

WHOIS Information Coorelation