Google analytics
Most organizations use Google Analytics to track website visitors and for more statistics. Generally, they have the same Google Analytics ID across all subdomains of a root domain. This means we can perform a reverse search and find all the subdomains having the same ID. Hence, it helps us in the enumeration process.
Most people might be familiar with a browser extension called BuiltWidth. But using this extension or its website is a manual process. We need some sort of command-line utility. That's when AnalyticsRelationships comes to the rescue.
- Language: Go/Python
AnalyticsRelationships is a tool to enumerate subdomains via Google Analytics ID. It does not require any login and has the capability to bypass the BuiltWidth & HackerTarget captchas. This tool is available in 2 languages Python & Go. But the Go one is faster compared to the python one.
git clone https://github.com/Josue87/AnalyticsRelationships.git
cd AnalyticsRelationships/GO
go build -ldflags "-s -w"
- The output may contain false positives.
- Also, you need to further DNS resolve them in order to get the valid ones.
./analyticsrelationships --url https://www.bugcrowd.com
