Here is a Find Subdomains sample report:
Allows you to discover subdomains of a target domain and to determine the attack surface of a target organization. Find systems which are less protected and more vulnerable to attacks.
Find which systems are exposed to the Internet and constitute your organization's attack surface. Development, test, backup or less-known applications are usually an easy target for attackers and they can be the entry point of an attacker to your organization.
This is a great way to perform an independent asset inventory and to check if the 'official' list of systems exposed to the Internet corresponds with the reality. The results will allow you to update your internal documentation and decomission legacy systems or upgrade the old ones.
The results of Find Subdomains are obtained in real-time and no caching mechanism is used. This allows us to always have up-to date results. Furthermore, the DNS resolution of the subdomains is also performed in real-time and only the valid results are shown.
|Domain name||Is the target domain name (ex. oracle.com, yahoo.com, etc) which will be searched for subdomains|
|Include IP information||This option instructs the tool to do whois queries in order to determine the network owners and country for each IP address|