{"id":65002,"date":"2026-07-04T11:39:32","date_gmt":"2026-07-04T18:39:32","guid":{"rendered":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/"},"modified":"2026-07-04T11:39:32","modified_gmt":"2026-07-04T18:39:32","slug":"subdomain-enumeration","status":"publish","type":"post","link":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/","title":{"rendered":"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)"},"content":{"rendered":"<p><strong>Subdomain enumeration<\/strong> is the highest-leverage phase of any reconnaissance methodology, because every subdomain you find is a new door into the target &#8211; and the doors nobody remembers are the ones left unlocked. The acquired-company portal, the staging environment, the forgotten legacy API: these rarely appear in an organization&#8217;s own inventory, but they resolve on the public internet all the same. Finding them first is what separates a thorough bug bounty hunter, red teamer, or attack-surface team from an average one.<\/p>\n<p>This guide covers subdomain enumeration end to end: the passive sources, the active brute-force and permutation techniques, how to resolve and validate results, virtual-host discovery, and subdomain-takeover checks. It names the strongest open-source tool for each step and shows how <a href=\"\/wordpress\/sn1per-professional-2026\/\">Sn1per<\/a> runs the whole set in one command. It is a companion to the pillar on <a href=\"\/wordpress\/reconnaissance-methodology\/\">the reconnaissance methodology<\/a> and to the guide on <a href=\"\/wordpress\/active-reconnaissance\/\">active reconnaissance<\/a>.<\/p>\n<h2 id=\"what-is\">What is subdomain enumeration?<\/h2>\n<p>Subdomain enumeration is the process of discovering the subdomains that belong to a target domain &#8211; <code>api.acme.com<\/code>, <code>vpn.acme.com<\/code>, <code>staging.acme.com<\/code>, and so on. It is the expansion step of recon: you start with one or a handful of root domains and finish with a validated list of every host under them that resolves on the internet. There are two fundamental approaches, and a complete methodology uses both:<\/p>\n<ul>\n<li><strong>Passive enumeration<\/strong> pulls known subdomains from third-party datasets &#8211; certificate transparency logs, DNS aggregators, search indexes, and public code &#8211; without ever querying the target&#8217;s own infrastructure. It is quiet and broad.<\/li>\n<li><strong>Active enumeration<\/strong> generates candidate names and asks DNS whether they exist, through brute force and permutation. It finds names that never appear in any public dataset, at the cost of sending traffic.<\/li>\n<\/ul>\n<h2 id=\"why\">Why subdomain enumeration matters<\/h2>\n<p>Every serious external compromise starts with an asset the defender forgot they had. Subdomain enumeration is how attackers find those assets, so it is how defenders and bug bounty hunters must find them first. The wider and more current your subdomain list, the larger the surface you can test &#8211; and the more likely you are to reach the one host running the outdated software or the exposed admin panel. This is also why enumeration is not a one-time task: infrastructure changes constantly, so the methodology has to be repeatable and, ideally, continuous.<\/p>\n<p>Consider a typical enterprise: the marketing team spins up a campaign microsite on a third-party host, an engineering team stands up <code>api-v2-staging.acme.com<\/code> for a release, and an acquisition brings a dozen new domains that never made it into the asset register. None of these appear in the official inventory, yet all three are live, reachable, and testable. Subdomain enumeration is the only reliable way to find them, and finding them before an attacker does is the entire point.<\/p>\n<h2 id=\"wildcards\">Wildcard DNS and avoiding false positives<\/h2>\n<p>One trap that ruins otherwise-good enumeration is wildcard DNS. When a domain is configured with a wildcard record, <em>every<\/em> possible subdomain resolves &#8211; including names that do not really exist &#8211; so a naive brute force reports thousands of phantom hosts. A disciplined methodology detects the wildcard first, by resolving a random name that could not possibly exist and seeing whether it answers, then filters brute-force results against that baseline so only genuine hosts survive. Skip this step and you flood the rest of the pipeline with noise and burn the active phases scanning addresses that are not real. Sn1per handles wildcard detection and filtering inside its resolution step, so the merged host list it produces is made of real hosts, not wildcard echoes.<\/p>\n<h2 id=\"passive\">Passive subdomain enumeration<\/h2>\n<p>Passive enumeration is always the first move because it is quiet and returns a large base list fast. The richest sources are:<\/p>\n<ul>\n<li><strong>Certificate transparency logs<\/strong> &#8211; every TLS certificate issued is logged publicly, so <a rel=\"nofollow\" href=\"https:\/\/crt.sh\/\">crt.sh<\/a> and similar CT search reveal subdomains the moment they get a certificate.<\/li>\n<li><strong>Passive aggregators<\/strong> &#8211; <a rel=\"nofollow\" href=\"https:\/\/github.com\/owasp-amass\/amass\">Amass<\/a> (in passive mode) and subfinder query dozens of data sources at once (DNS datasets, threat-intel feeds, search engines).<\/li>\n<li><strong>Code and dev intelligence<\/strong> &#8211; github-subdomains and bevigil mine public repositories and mobile apps for hostnames developers leaked in source.<\/li>\n<li><strong>Internet scan datasets<\/strong> &#8211; netlas, and services like Shodan and Censys, expose subdomains observed across internet-wide scans.<\/li>\n<\/ul>\n<p>Two habits separate thorough passive enumeration from a quick pass. The first is recursion: feed the subdomains you discover back into the tools as new seeds, because <code>dev.acme.com<\/code> often has its own children like <code>jenkins.dev.acme.com<\/code>. The second is breadth of sources &#8211; no single dataset is complete, so the value comes from querying many and merging, which is precisely why the manual approach means running and reconciling a dozen tools by hand.<\/p>\n<p>Sn1per runs all of these in its recon phase &#8211; sublist3r, Amass, subfinder, dnscan, censys, shodan, github-subdomains, bevigil, netlas, and crt.sh &#8211; then merges the results into a single deduplicated list before any active step begins:<\/p>\n<pre><code># Passive-first subdomain enumeration into a workspace\nsniper -t acme.com -c \/sniper\/conf\/recon_passive -w acme\n\n[*] sublist3r ............ 61\n[*] amass (passive) ..... 148\n[*] subfinder ........... 172\n[*] crt.sh .............. 203\n[*] github-subdomains ... 24\n[*] merged &amp; deduped .... 231 unique subdomains\n<\/code><\/pre>\n<h2 id=\"active\">Active enumeration and DNS brute force<\/h2>\n<p>Passive sources only know about subdomains that have already leaked into a public dataset. Active enumeration finds the rest by generating candidate names and resolving them. There are two techniques:<\/p>\n<ul>\n<li><strong>DNS brute force<\/strong> &#8211; test a wordlist of common names (<code>dev<\/code>, <code>vpn<\/code>, <code>mail<\/code>, <code>api<\/code>) against the domain using a fast resolver. <a rel=\"nofollow\" href=\"https:\/\/github.com\/blechschmidt\/massdns\">massdns<\/a> and puredns resolve hundreds of thousands of candidates per minute.<\/li>\n<li><strong>Permutation and prediction<\/strong> &#8211; take the subdomains you already found and generate variations (<code>api-staging<\/code>, <code>api2<\/code>, <code>api-dev<\/code>) with altdns or dnsgen, then resolve those. This catches the naming patterns an organization repeats across environments.<\/li>\n<\/ul>\n<p>Sn1per automates brute force and permutation with subbrute, massdns, altdns, and dnsgen, gated so you control how aggressive the active phase gets. The permutation step is where the highest-value finds often hide, because it predicts the internal naming conventions that never appear in certificate logs.<\/p>\n<h2 id=\"resolve\">Resolving, validating and finding live hosts<\/h2>\n<p>A raw candidate list is noise until it is resolved. This step filters the merged passive-plus-active list down to names that actually resolve, then to hosts that are actually alive. Mass resolvers (puredns, massdns, or a threaded <code>dig<\/code>) confirm which names have DNS records, and <a rel=\"nofollow\" href=\"https:\/\/github.com\/projectdiscovery\/httpx\">httpx<\/a> then probes which of those serve live web content, capturing status codes, titles, and technologies in one pass. Sn1per does exactly this &#8211; mass-resolves the merged list, then runs httpx across every resolvable subdomain &#8211; so the workspace ends with a clean, live-only host list ready for the next phase. Resolving before scanning is what keeps the active phases fast and in-scope, and it is the natural handoff into <a href=\"\/wordpress\/active-reconnaissance\/\">active reconnaissance<\/a>.<\/p>\n<h2 id=\"vhost\">Virtual host discovery<\/h2>\n<p>Not every website has its own DNS name. Multiple sites are often served from one IP address and distinguished only by the HTTP <code>Host<\/code> header &#8211; these are virtual hosts, and they are invisible to DNS-based enumeration. Virtual-host discovery brute-forces candidate hostnames directly against an IP to surface the sites that share it. Sn1per includes a virtual-host correlation step in its recon phase, tying discovered IPs back to hostnames via TLS certificates and Host-header probing, so you do not miss the internal app quietly co-hosted on a shared server.<\/p>\n<h2 id=\"takeover\">Subdomain takeover checks<\/h2>\n<p>A subdomain that points (via CNAME) to a de-provisioned cloud service is a subdomain takeover waiting to happen: an attacker who claims the dangling resource controls content on your subdomain. Every enumeration pass should end with a takeover check. Tools like subzy, subjack, and subover &#8211; and Nuclei takeover templates &#8211; flag subdomains whose targets are unclaimed. Sn1per runs takeover detection automatically across the full enumerated list (subover, subjack, and Nuclei takeover templates), so dangling records surface in the same run that discovers them rather than in a separate manual pass.<\/p>\n<h2 id=\"tools-table\">The best subdomain enumeration tools in 2026<\/h2>\n<p>Each of these open-source tools is best-in-class at one part of the job. The catch is that a real enumeration methodology needs all of them, chained and deduplicated &#8211; which is exactly the integration work an all-in-one engine removes.<\/p>\n<table>\n<thead>\n<tr>\n<th>Step<\/th>\n<th>Best-in-class open-source tool<\/th>\n<th>In Sn1per<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Certificate transparency<\/td>\n<td>crt.sh<\/td>\n<td>Automated, merged with all sources<\/td>\n<\/tr>\n<tr>\n<td>Passive aggregation<\/td>\n<td>Amass, subfinder<\/td>\n<td>Both run in the recon phase<\/td>\n<\/tr>\n<tr>\n<td>Code \/ app intelligence<\/td>\n<td>github-subdomains, bevigil<\/td>\n<td>Included (with API keys)<\/td>\n<\/tr>\n<tr>\n<td>DNS brute force<\/td>\n<td>massdns, puredns<\/td>\n<td>Automated brute step<\/td>\n<\/tr>\n<tr>\n<td>Permutation<\/td>\n<td>altdns, dnsgen<\/td>\n<td>Automated permutation step<\/td>\n<\/tr>\n<tr>\n<td>Resolution &amp; alive<\/td>\n<td>dnsx, httpx<\/td>\n<td>Mass-resolve + httpx probe<\/td>\n<\/tr>\n<tr>\n<td>Takeover check<\/td>\n<td>subzy, subjack<\/td>\n<td>subover, subjack, Nuclei templates<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"sn1per\">Automating subdomain enumeration with Sn1per<\/h2>\n<p>Sn1per&#8217;s recon mode is a complete subdomain-enumeration pipeline: it runs 10+ passive sources, DNS brute force, permutation, mass-resolution, virtual-host correlation, live-host probing, and takeover detection, then merges everything into one sorted, deduplicated, diff-against-last-run list inside a named workspace. Because the workspace persists, every re-run tells you what is new &#8211; the foundation of continuous discovery:<\/p>\n<pre><code># Re-run later; Sn1per diffs against the stored workspace\nsniper -t acme.com -c \/sniper\/conf\/recon_active -w acme\n\n[*] Total subdomains ........ 237  (+6 since last run)\n[*] New \/ interesting ....... api-staging.acme.com, grafana.acme.com\n[*] Possible takeover ....... assets-old.acme.com  (dangling CNAME)\n<\/code><\/pre>\n<p>The enumerated, resolved host list then flows straight into the rest of the <a href=\"\/wordpress\/reconnaissance-methodology\/\">reconnaissance methodology<\/a> &#8211; fingerprinting, content discovery, and scanning &#8211; without re-running discovery by hand.<\/p>\n<h2 id=\"continuous\">Continuous subdomain monitoring<\/h2>\n<p>Subdomains are not static, so a single enumeration run is a snapshot that starts going stale immediately. New hosts appear with every deployment, acquisition, or marketing campaign, and any one of them could be the weak link. That is why mature programs move from one-off enumeration to continuous monitoring: re-running the full pipeline on a schedule and alerting on what is new. Because Sn1per stores each run in a persistent workspace and diffs against the previous one, scheduling a recurring recon scan turns subdomain enumeration into an always-on early-warning system &#8211; new and potentially risky subdomains surface the day they appear, not at the next quarterly review. This is the discovery half of <a href=\"\/wordpress\/continuous-attack-surface-testing\/\">continuous attack surface testing<\/a>.<\/p>\n<h2 id=\"getting-started\">Getting started<\/h2>\n<p>Enumerate the subdomains of a domain you own. Start free with <a href=\"\/wordpress\/sn1per-community-edition\/\">Sn1per Community Edition<\/a> and run <code>sniper -t yourdomain.com -c \/sniper\/conf\/recon_active -w yourorg<\/code>, then look at the merged list: how many of those hosts did you already know about? Move up to <a href=\"\/wordpress\/sn1per-professional-2026\/\">Sn1per Professional 2026<\/a> to schedule recurring enumeration and pull the results via the JSON API, or browse every edition on the <a href=\"\/wordpress\/shop\/\">shop page<\/a>.<\/p>\n<h2 id=\"faq\">Frequently asked questions<\/h2>\n<h3>What is subdomain enumeration?<\/h3>\n<p>Subdomain enumeration is the process of discovering the subdomains that belong to a target domain, such as api.example.com and staging.example.com. It combines passive sources (certificate transparency logs, DNS aggregators, public code) with active techniques (DNS brute force and permutation), then resolves the results to a validated list of live hosts. It is the phase of reconnaissance that most directly expands the attack surface.<\/p>\n<h3>What is the difference between passive and active subdomain enumeration?<\/h3>\n<p>Passive enumeration pulls known subdomains from third-party datasets &#8211; certificate transparency, DNS aggregators, search indexes, public repositories &#8211; without querying the target directly. Active enumeration generates candidate names and resolves them against DNS through brute force and permutation, finding subdomains that never appear in any public dataset. A complete methodology runs passive first, then active on top.<\/p>\n<h3>What are the best subdomain enumeration tools?<\/h3>\n<p>The strongest open-source tools by step are: crt.sh for certificate transparency, Amass and subfinder for passive aggregation, github-subdomains and bevigil for code intelligence, massdns and puredns for brute force, altdns and dnsgen for permutation, httpx for live-host probing, and subzy or subjack for takeover checks. Sn1per runs the whole set automatically in one command.<\/p>\n<h3>Is subdomain enumeration legal?<\/h3>\n<p>Passive subdomain enumeration uses public third-party data and is generally low-risk, but active enumeration sends DNS and HTTP traffic to infrastructure, so you must have authorization &#8211; a bug bounty program&#8217;s scope, a signed engagement, or ownership of the assets. Always confirm the target is in scope before running active brute force or resolution.<\/p>\n<h3>Does Sn1per do subdomain enumeration?<\/h3>\n<p>Yes. Sn1per&#8217;s recon mode is a full subdomain-enumeration pipeline: 10+ passive sources, DNS brute force, permutation, mass-resolution, virtual-host correlation, live-host probing with httpx, and subdomain-takeover detection, all merged and deduplicated into a workspace that diffs against previous runs so new subdomains surface automatically.<\/p>\n<p><script type=\"application\/ld+json\">\n{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[\n{\"@type\":\"Question\",\"name\":\"What is subdomain enumeration?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Subdomain enumeration is the process of discovering the subdomains that belong to a target domain, such as api.example.com and staging.example.com. It combines passive sources (certificate transparency logs, DNS aggregators, public code) with active techniques (DNS brute force and permutation), then resolves the results to a validated list of live hosts. It is the phase of reconnaissance that most directly expands the attack surface.\"}},\n{\"@type\":\"Question\",\"name\":\"What is the difference between passive and active subdomain enumeration?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Passive enumeration pulls known subdomains from third-party datasets - certificate transparency, DNS aggregators, search indexes, public repositories - without querying the target directly. Active enumeration generates candidate names and resolves them against DNS through brute force and permutation, finding subdomains that never appear in any public dataset. A complete methodology runs passive first, then active on top.\"}},\n{\"@type\":\"Question\",\"name\":\"What are the best subdomain enumeration tools?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The strongest open-source tools by step are: crt.sh for certificate transparency, Amass and subfinder for passive aggregation, github-subdomains and bevigil for code intelligence, massdns and puredns for brute force, altdns and dnsgen for permutation, httpx for live-host probing, and subzy or subjack for takeover checks. Sn1per runs the whole set automatically in one command.\"}},\n{\"@type\":\"Question\",\"name\":\"Is subdomain enumeration legal?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Passive subdomain enumeration uses public third-party data and is generally low-risk, but active enumeration sends DNS and HTTP traffic to infrastructure, so you must have authorization - a bug bounty program's scope, a signed engagement, or ownership of the assets. Always confirm the target is in scope before running active brute force or resolution.\"}},\n{\"@type\":\"Question\",\"name\":\"Does Sn1per do subdomain enumeration?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. Sn1per's recon mode is a full subdomain-enumeration pipeline: 10+ passive sources, DNS brute force, permutation, mass-resolution, virtual-host correlation, live-host probing with httpx, and subdomain-takeover detection, all merged and deduplicated into a workspace that diffs against previous runs so new subdomains surface automatically.\"}}\n]}\n<\/script><\/p>\n<div id=\"wp-share-button-65002\" class=\"wp-share-button theme28\"><span class=\"total-share \"><i class=\"total-count-text\">Total Share<\/i> <i class=\"total-count\">0<\/i> <\/span><a target=\"_blank\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/\" class=\"share-button share-button-65002 facebook\" id=\"facebook\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Facebook<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a target=\"_blank\" href=\"https:\/\/twitter.com\/intent\/tweet?url=https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/&amp;text=Subdomain%20Enumeration:%20The%20Complete%202026%20Guide%20(Passive,%20Active%20and%20Brute%20Force)\" class=\"share-button share-button-65002 twitter\" id=\"twitter\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Twitter<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a target=\"_blank\" href=\"http:\/\/www.reddit.com\/submit?title=Subdomain%20Enumeration:%20The%20Complete%202026%20Guide%20(Passive,%20Active%20and%20Brute%20Force)&amp;url=https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/\" class=\"share-button share-button-65002 reddit\" id=\"reddit\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Reddit<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/shareArticle?url=https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/&amp;title=Subdomain%20Enumeration:%20The%20Complete%202026%20Guide%20(Passive,%20Active%20and%20Brute%20Force)&amp;summary=&amp;source=\" class=\"share-button share-button-65002 linkedin\" id=\"linkedin\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Linkedin<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a title=\"More...\" href=\"#wp-share-button-65002\" class=\"share-button-more\"><span class=\"button-icon\"><i class=\"fa fa-plus\"><\/i><\/span><\/a><div class=\"wp-share-button-popup wp-share-button-popup-65002\"><div class=\"popup-buttons\"><span class=\"close\">X<\/span><a target=\"_blank\" href=\"mailto:?subject=Subdomain%20Enumeration:%20The%20Complete%202026%20Guide%20(Passive,%20Active%20and%20Brute%20Force)&amp;body=https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/\" class=\"share-button share-button-65002 email\" id=\"email\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Email<\/span>\r\n<span class=\"button-count\">0<\/span>\t\t\t\t\r\n\r\n<\/a>\r\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>How to enumerate subdomains in 2026 &#8211; passive sources, active brute force and permutation, DNS resolution, virtual hosts and takeover checks &#8211; with the best open-source tools and how Sn1per runs them all.<\/p>\n","protected":false},"author":1,"featured_media":65003,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[290,80,289],"tags":[359,422,378,418,421,172,393,287,37,419,420],"class_list":["post-65002","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attack-surface-management","category-bug-bounties","category-penetration-testing","tag-359","tag-asset-discovery","tag-attack-surface-management","tag-bug-bounty","tag-dns","tag-osint","tag-owasp-amass","tag-reconnaissance","tag-sn1per","tag-subdomain-enumeration","tag-subdomains"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"xer0dayz\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sn1perSecurity\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Subdomain Enumeration: The Complete 2026 Guide\" \/>\n\t\t<meta property=\"og:description\" content=\"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-04T18:39:32+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-07-04T18:39:32+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Sn1persecurity-105784611869093\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@sn1persecurity\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Subdomain Enumeration: The Complete 2026 Guide\" \/>\n\t\t<meta name=\"twitter:description\" content=\"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@sn1persecurity\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#blogposting\",\"name\":\"Subdomain Enumeration: The Complete 2026 Guide\",\"headline\":\"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)\",\"author\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/subdomain-enumeration.png\",\"width\":1200,\"height\":630,\"caption\":\"Sn1perSecurity guide cover: Subdomain Enumeration - passive sources, active brute force, DNS resolution and takeover checks, automated by Sn1per\"},\"datePublished\":\"2026-07-04T11:39:32-07:00\",\"dateModified\":\"2026-07-04T11:39:32-07:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#webpage\"},\"articleSection\":\"Attack Surface Management, Bug Bounties, Penetration Testing, 2026, asset-discovery, attack-surface-management, bug-bounty, dns, OSINT, owasp-amass, reconnaissance, sn1per, subdomain-enumeration, subdomains\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/#listItem\",\"name\":\"Bug Bounties\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/#listItem\",\"position\":2,\"name\":\"Bug Bounties\",\"item\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#listItem\",\"name\":\"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#listItem\",\"position\":3,\"name\":\"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/#listItem\",\"name\":\"Bug Bounties\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#organization\",\"name\":\"Sn1perSecurity\",\"description\":\"Get an attacker's view of your organization with our all-in-one offensive security platform\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/\",\"email\":\"support@sn1persecurity.com\",\"foundingDate\":\"2021-10-05\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"value\":2},\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/Sn1perwhiteandcircleicontwitter.jpg\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#organizationLogo\",\"width\":500,\"height\":500,\"caption\":\"Sn1perSecurity Logo\"},\"image\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Sn1persecurity-105784611869093\",\"https:\\\/\\\/x.com\\\/sn1persecurity\",\"https:\\\/\\\/www.instagram.com\\\/sn1persecurity\",\"https:\\\/\\\/www.youtube.com\\\/sn1persecurity\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/sn1persecurity\\\/\",\"https:\\\/\\\/github.com\\\/1N3\\\/Sn1per\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/\",\"name\":\"xer0dayz\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/60111840c4f5a576635c5b9169e7322cec38bea67f56f0c141021c7579f230a4?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"xer0dayz\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#webpage\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/\",\"name\":\"Subdomain Enumeration: The Complete 2026 Guide\",\"description\":\"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/subdomain-enumeration.png\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#mainImage\",\"width\":1200,\"height\":630,\"caption\":\"Sn1perSecurity guide cover: Subdomain Enumeration - passive sources, active brute force, DNS resolution and takeover checks, automated by Sn1per\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/subdomain-enumeration\\\/#mainImage\"},\"datePublished\":\"2026-07-04T11:39:32-07:00\",\"dateModified\":\"2026-07-04T11:39:32-07:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/\",\"name\":\"Sn1perSecurity\",\"alternateName\":\"Sn1per\",\"description\":\"Get an attacker's view of your organization with our all-in-one offensive security platform\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Subdomain Enumeration: The Complete 2026 Guide","description":"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.","canonical_url":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#blogposting","name":"Subdomain Enumeration: The Complete 2026 Guide","headline":"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)","author":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author"},"publisher":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png","width":1200,"height":630,"caption":"Sn1perSecurity guide cover: Subdomain Enumeration - passive sources, active brute force, DNS resolution and takeover checks, automated by Sn1per"},"datePublished":"2026-07-04T11:39:32-07:00","dateModified":"2026-07-04T11:39:32-07:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#webpage"},"isPartOf":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#webpage"},"articleSection":"Attack Surface Management, Bug Bounties, Penetration Testing, 2026, asset-discovery, attack-surface-management, bug-bounty, dns, OSINT, owasp-amass, reconnaissance, sn1per, subdomain-enumeration, subdomains"},{"@type":"BreadcrumbList","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/sn1persecurity.com\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/#listItem","name":"Bug Bounties"}},{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/#listItem","position":2,"name":"Bug Bounties","item":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#listItem","name":"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#listItem","position":3,"name":"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)","previousItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/#listItem","name":"Bug Bounties"}}]},{"@type":"Organization","@id":"https:\/\/sn1persecurity.com\/wordpress\/#organization","name":"Sn1perSecurity","description":"Get an attacker's view of your organization with our all-in-one offensive security platform","url":"https:\/\/sn1persecurity.com\/wordpress\/","email":"support@sn1persecurity.com","foundingDate":"2021-10-05","numberOfEmployees":{"@type":"QuantitativeValue","value":2},"logo":{"@type":"ImageObject","url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1perwhiteandcircleicontwitter.jpg","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#organizationLogo","width":500,"height":500,"caption":"Sn1perSecurity Logo"},"image":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#organizationLogo"},"sameAs":["https:\/\/www.facebook.com\/Sn1persecurity-105784611869093","https:\/\/x.com\/sn1persecurity","https:\/\/www.instagram.com\/sn1persecurity","https:\/\/www.youtube.com\/sn1persecurity","https:\/\/www.linkedin.com\/in\/sn1persecurity\/","https:\/\/github.com\/1N3\/Sn1per"]},{"@type":"Person","@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author","url":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/","name":"xer0dayz","image":{"@type":"ImageObject","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/60111840c4f5a576635c5b9169e7322cec38bea67f56f0c141021c7579f230a4?s=96&d=mm&r=g","width":96,"height":96,"caption":"xer0dayz"}},{"@type":"WebPage","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#webpage","url":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/","name":"Subdomain Enumeration: The Complete 2026 Guide","description":"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#breadcrumblist"},"author":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author"},"creator":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png","@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#mainImage","width":1200,"height":630,"caption":"Sn1perSecurity guide cover: Subdomain Enumeration - passive sources, active brute force, DNS resolution and takeover checks, automated by Sn1per"},"primaryImageOfPage":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/#mainImage"},"datePublished":"2026-07-04T11:39:32-07:00","dateModified":"2026-07-04T11:39:32-07:00"},{"@type":"WebSite","@id":"https:\/\/sn1persecurity.com\/wordpress\/#website","url":"https:\/\/sn1persecurity.com\/wordpress\/","name":"Sn1perSecurity","alternateName":"Sn1per","description":"Get an attacker's view of your organization with our all-in-one offensive security platform","inLanguage":"en-US","publisher":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sn1perSecurity","og:type":"article","og:title":"Subdomain Enumeration: The Complete 2026 Guide","og:description":"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.","og:url":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/","og:image":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png","og:image:secure_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png","og:image:width":"1200","og:image:height":"630","article:published_time":"2026-07-04T18:39:32+00:00","article:modified_time":"2026-07-04T18:39:32+00:00","article:publisher":"https:\/\/www.facebook.com\/Sn1persecurity-105784611869093","twitter:card":"summary_large_image","twitter:site":"@sn1persecurity","twitter:title":"Subdomain Enumeration: The Complete 2026 Guide","twitter:description":"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.","twitter:creator":"@sn1persecurity","twitter:image":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png"},"aioseo_meta_data":{"post_id":"65002","title":"Subdomain Enumeration: The Complete 2026 Guide","description":"How to enumerate subdomains in 2026 - passive sources, active brute force, DNS resolution and takeover checks - with the best open-source tools and how Sn1per automates them.","keywords":null,"keyphrases":{"focus":{"keyphrase":"subdomain enumeration","score":0,"analysis":[]}},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"featured","og_image_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png","og_image_width":"1200","og_image_height":"630","og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":true,"twitter_card":"summary_large_image","twitter_image_type":"featured","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2026-07-04 18:39:36","updated":"2026-07-04 18:50:29","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sn1persecurity.com\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/\" title=\"Bug Bounties\">Bug Bounties<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tSubdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sn1persecurity.com\/wordpress"},{"label":"Bug Bounties","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/"},{"label":"Subdomain Enumeration: The Complete 2026 Guide (Passive, Active and Brute Force)","link":"https:\/\/sn1persecurity.com\/wordpress\/subdomain-enumeration\/"}],"jetpack_featured_media_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/subdomain-enumeration.png","jetpack_shortlink":"https:\/\/wp.me\/pdnW96-gUq","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/65002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=65002"}],"version-history":[{"count":0,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/65002\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media\/65003"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=65002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/categories?post=65002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/tags?post=65002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}