Certified Ethical Hacker (CEH v13) — Question 163

A penetration tester is tasked with gathering information about the subdomains of a target organization's website. The tester needs a versatile and efficient solution for the task. Which of the following options would be the most effective method to accomplish this goal?

Answer options

• A. Analyzing LinkedIn profiles to find employees of the target company and their job titles
• B. Employing a tool like Sublist3r, which is designed to enumerate the subdomains of websites using OSINT
• C. Using a people search service, such as Spokeo or Intelius, to gather information about the employees of the target organization
• D. Utilizing the Harvester tool to extract email addresses related to the target domain using a search engine like Google or Bing

Correct answer: B

Explanation

The correct answer is B because Sublist3r is specifically designed for subdomain enumeration using Open Source Intelligence (OSINT), making it the most direct and efficient method for the task. Options A and C focus on gathering employee information rather than subdomain data, which is not relevant to the tester's goal. Option D, while useful for email collection, does not specifically address the need for subdomain information.