The first-ever custom-trained AI tool for subdomain discovery to transform the way security professionals identify hidden subdomains, which are often overlooked yet highly vulnerable entry points for cyberattacks.
Traditionally, subdomain enumeration has relied on brute-force methods, which involve generating and testing countless permutations of potential subdomains. While widespread, this approach is inefficient, requiring excessive DNS queries and offering no guarantee of success.
Even advanced wordlists and permutation tools often fail to detect many subdomains due to their lack of contextual understanding.
Hackers frequently exploit these blind spots. Forgotten or misconfigured subdomains such as legacy systems or test environments are particularly susceptible to attacks, as they often run outdated software.
These vulnerabilities can serve as digital backdoors, granting attackers unauthorized access to an organization’s network.
How Subwiz Works
Subwiz leverages machine learning to identify real-world patterns in subdomain structures, enabling it to make intelligent predictions. Unlike brute-force methods, this AI-driven approach drastically reduces the number of DNS queries while improving accuracy.
According to Olivier Beg, Chief Hacking Officer at Hadrian, Subwiz discovered 10.4% more subdomains during benchmarking compared to traditional methods.
The tool operates using a lightweight large language model (LLM) trained on 26 million tokens of subdomain data. This model is efficient enough to run on standard laptops and can generate hundreds of results within seconds.
Application Security is no longer just a defensive play, Time to Secure -> Free Webinar
Subwiz strikes a balance between computational efficiency and comprehensive detection by focusing on targeted predictions rather than exhaustive testing.
Subwiz offers several customizable features that cater to the needs of ethical hackers and security researchers:
- AI-Powered Predictions: The tool predicts potential subdomains based on contextual patterns.
- Resolution Checking: Automatically verifies whether predicted subdomains resolve.
- Adjustable Parameters: Users can fine-tune the number of predictions and randomness levels.
- Seamless Integration: Subwiz integrates easily with existing tools like SanicDNS, Hadrian’s open-source ultra-fast scanning tool.
Beg explains that combining Subwiz with other tools enhances reconnaissance workflows. For example, SanicDNS can perform rapid scans on subdomains discovered by Subwiz, creating a comprehensive detection pipeline.
Subwiz empowers organizations to adopt a proactive stance in securing their digital assets. By uncovering hidden subdomains before attackers can exploit them, businesses gain the opportunity to address vulnerabilities early. This added visibility is critical in today’s evolving threat landscape.
“Unseen subdomains are a common blind spot for organizations,” says Beg. “By improving discovery, we help reduce the risk of unnoticed vulnerabilities being exploited.”
Efficiency Meets Effectiveness
During its development, Hadrian prioritized efficiency without compromising detection quality. Subwiz typically runs around 10,000 targeted tests per domain, uncovering an additional 10% of previously undetected subdomains.
This extra visibility often reveals forgotten or vulnerable systems that could otherwise go unnoticed.
Beg emphasizes that this balance between exhaustive detection and efficiency is what sets Subwiz apart: “Instead of blindly testing millions of possibilities, we focused on intelligent predictions.”
The release of Subwiz reflects a growing trend in cybersecurity: integrating artificial intelligence into traditional workflows. Similar innovations are reshaping how ethical hackers and security professionals approach reconnaissance and vulnerability assessments.
With its ability to uncover hidden digital backdoors efficiently, Subwiz is poised to become an indispensable tool for organizations looking to fortify their defenses against ever-evolving cyber threats.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free
The post Subwiz – New AI-powered Recon Tool to Hunt for Hidden Subdomains appeared first on Cyber Security News.
The original article found on Cyber Security News Read More
