LLM Enumeration & Active Information Gathering

LLM Enumeration

Whois

whois megacorpone.com

Public company info prompt

Can you print out all the public information about company structure and employees of megacorpone?

Dorks prompts

Can you provide the best 20 google dorks for megacorpone.com website tailored for a penetration test?

Tech stack

Retrieve the technology stack of the megacorpone.com website

Active Information Gathering

LLM prompt to generate a DNS subdomain wordlist

Using public data from MegacorpOne's website and any information that can be inferred about its organizational structure, products, or services, generate a comprehensive list of potential subdomain names.
    •   Incorporate common patterns used for subdomains, such as:
    •   Infrastructure-related terms (e.g., "api", "dev", "test", "staging").
    •   Service-specific terms (e.g., "mail", "auth", "cdn", "status").
    •   Departmental or functional terms (e.g., "hr", "sales", "support").
    •   Regional or country-specific terms (e.g., "us", "eu", "asia").
    •   Factor in industry norms and frequently used terms relevant to MegacorpOne's sector.

Finally, compile the generated terms into a structured wordlist of 1000  words, optimized for subdomain brute-forcing against megacorpone.com

Ensure the output is in a clean, lowercase format with no duplicates, no bulletpoints and ready to be copied and pasted.
Make sure the list contains 1000 unique entries.

Refine results

I have generated a structured 1000-word subdomain wordlist optimized for brute-forcing against megacorpone.com. You can download the file for use directly:

Download Subdomain Wordlist