Scan subdomains

By default, we try to crawl the subdomains that we identify under your scope. We identify them using various methods, such as reading DNS records and trying standard lists of common subdomain names. We do this to extend the coverage of your scan as much as possible.

If there are specific subdomains that you always want us to scan, you can add these as separate scan profiles. You will find more information about how to do so further down in this article. You can adjust the subdomain preferences by clicking on your scan profile and then navigating to Application Scan Profile Settings -> Scan Settings.

Under Scan Settings, you can choose to enable or disable the scanner's ability to crawl subdomains and specify which subdomains we shouldn't include in Detectify scans.

Asset Catalogue

Clicking on one of your domains in your Asset Catalogue will bring you to the Asset Overview page. 

Go to the "Scan Profiles" tab to see all the scan profiles that have already been added for your domain.

Here you can click the profile name to access the scan overview (in the same way as in the dashboard). 

In the Subdomains view, you’ll find the actual Autodiscovery feature. The subdomains that we have discovered are listed there and are searchable. Look through the list to see if there are assets you wish to scan, or legacy assets lying around that you no longer want to be accessible to the public. Please note that the list of subdomains will only populate for verified top domains (without www.).

To add a new profile from the auto-discovered subdomains, simply click “+ scan profile” to the right.

Some of the subdomains from the list will be crawled during the scan, but we can't guarantee which ones, or that the same ones will be crawled during each scan. We therefore recommend that you identify your most important assets and add them as separate scan profiles to ensure that they always get scanned. To see which URLs we crawled during a scan, scroll down to "Crawled URL's" in your findings (appearing in green) and navigate to the downloadable CSV file. For additional information, visit Crawled URLs in our knowledge base. For more information about why you may see inconsistencies in the crawled URLs from scan to scan, please see this article.
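One way to act on the recommendation above, as an added example that is not Detectify's code: given the discovered subdomains and the hostnames that already have scan profiles (both constructed sample data here), it lists the hosts without a profile, putting names that suggest admin, pre-production, legacy or internal assets first. The labels come from the common-subdomain list on this page; grouping them into review categories is an assumption of the example.

```python
import re

# Labels from the common-subdomain list on this page; the grouping into
# review categories is an assumption made for this example.
REVIEW_LABELS = {
    "admin-surface": {"admin", "administrator", "webadmin", "sysadmin",
                      "console", "manage", "management", "mgmt"},
    "pre-production": {"dev", "develop", "development", "test", "beta",
                       "demo", "lab", "labs"},
    "legacy-or-backup": {"old", "backup", "backups", "temp", "sysback"},
    "internal-naming": {"internal", "intranet", "intern", "private",
                        "corp", "vpn"},
}

def normalize(host):
    """Lower-case a hostname and drop whitespace and the trailing root dot."""
    return host.strip().lower().rstrip(".")

def triage(discovered, profiled, apex):
    """Return (hostname, category) for in-scope hosts that lack a scan profile."""
    apex = normalize(apex)
    covered = {normalize(h) for h in profiled}
    results = []
    for host in sorted({normalize(h) for h in discovered}):
        if host in covered or not host.endswith("." + apex):
            continue  # already has a profile, or is outside the verified domain
        # Split the part left of the apex on dots and hyphens: old-shop -> old, shop
        tokens = re.split(r"[.\-]", host[: -len(apex) - 1])
        category = "unclassified"
        for name, words in REVIEW_LABELS.items():
            # Also match numbered variants such as test2 or dev01
            if any(t in words or t.rstrip("0123456789") in words for t in tokens):
                category = name
                break
        results.append((host, category))
    # Categorised hosts first, then the rest, each group alphabetical
    results.sort(key=lambda r: (r[1] == "unclassified", r[0]))
    return results

# Constructed sample data (example.com and example.net are reserved domains)
DISCOVERED = ["www.example.com", "shop.example.com", "old-shop.example.com",
              "Admin.example.com.", "test2.api.example.com", "vpn.example.com",
              "cdn.example.net", "blog.example.com"]
PROFILED = ["www.example.com", "shop.example.com", "vpn.example.com"]

if __name__ == "__main__":
    for host, category in triage(DISCOVERED, PROFILED, "example.com"):
        print(f"{category:18} {host}")
```
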

Some of the common subdomains we look for are:

3com about access accounting accounts activestat admin administrator administrators admins ads adserver adsl agent ai aix ajax akamai alpha analyzer announce announcements antivirus apache api apple application applications apps appserver asia asterix atlas auction autodiscover autorun back backend backup backups balance balancer banking beta billing biz biztalk blog blogs bsd bsd0 bug bugs bugzilla build bulletins cache calendar canon careers catalog cert certificates certify certserv certsrv cgi channel channels chat chats chatserver check checkpoint cisco citrix class classes classifieds client clientes clients cluster clusters code coldfusion com commerce commerceserver communigate community compaq concentrator conf conference conferencing confidential connect console consult consultant consultants consulting consumer contact content core corp corpmail corporate cso css customer customers data database databases datastore db default dell demo demonstration demos design designer desktop dev develop developer developers development device devserver devsql dhcp dial dialup digital dir direct directory disc discovery discuss discussion discussions distributer distributers dmail dmz dnews dns dns0 dns1 dns2 dns3 docs documentacion domain domains dominio domino dominoweb download downloads drupal dsl dyn dynamic dynip e-com e-commerce echo ecommerce email employees engine engineer engineering enterprise epsilon europe example exchange exec extern external extranet faststats fax feedback feeds field file files fileserv fileserver filestore filter find finger firewall fix fixes flash flow foobar forum forums freebsd freeware front frontdesk ftp ftpserver fw fwsm galleries gallery gate gatekeeper gateway gmail gopher group groups groupwise gsx guest hello help helpdesk helponline hidden heroma home homebase honeypot host host1 host3 host4 host5 hotjobs howto http https hub ibm ibmdb idaho ids iis images imail imap imap4 img inc include incoming info informix inside 
install intern internal international internet intl intranet invalid investor investors iplanet ipmonitor ipsec ipsec-gw jobs kerberos keynote lab laboratory labs lambda lan laptop laserjet ldap legal lib library link linux lists listserv listserver live load loadbalancer local localhost log logfile logfiles logger logging loghost logica login logs lotus mac mach macintosh mail mailer mailgate mailhost mailing maillist maillists mailroom mailserv mailsite mailsrv main manage management manager master media member members messages messenger mgmt mirror mngt mobile mobilemail monitor monitoring movies mozart mp3 mpeg mpg ms-exchange ms-sql msexchange mssql multimedia music mysql name names nameserv nameserver nas nat net netapp netdata netgear netmeeting netscaler netscreen netstats network new news newsfeed newsfeeds newsgroups nms nntp node nokia novell ns ns0 ns01 ns02 ns1 ns2 ns3 ns4 ns5 nt nt4 nt40 ntmail ntp ntserver null office offices old omicron online open openbsd oracle out outbound outgoing outlook partner partners palett patch patches pbx pgp phoenix policy pop pop3 portal portals postoffice printer printserv printserver privacy private problemtracker products profiles project projects promo proxy public pubs qmail qotd quotes radius rapidsite raptor ras read realserver recruiting red redhat ref reference reg register registry regs relay remote remstats reports research reserved root route router rss rtelnet rtr rw rwhois s sac sadmin safe sales scanner schedules search sec secret secure secured security sendmail serv serv2 server server1 servers service services setup shared sharepoint shareware shipping shop shoppers shopping sigma signin signup sirius slackware slmail smc sms smtp smtphost sn sniffer snmp snmpd snort soap solaris solutions sourcecode spam splunk sql sqlserver squid staff static statistics stats svn subversion sun support sysadmin sysback syslog syslogs system team tech technology techsupport telephone telephony telnet temp terminal 
terminalserver termserv test tftp tool tools tracker tunnel unix unixware update updates upload ups urchin usenet user users utilities vendors vip vista vm vmserver vmware vnc voice voicemail voip vpn wan wap webaccess webadmin webalizer webcam webmail webmaster webproxy webserv webserver webtrends whois win win2000 win2003 win2k win2k3 windows windows2000 windows2003 windowsxp wingate winnt winproxy wins winxp wire wireless wlan wordpress work wpad www www1 www2 www3 xlogan xmail xml zeus

Try reading that out loud in one breath!