A security incident has occurred and you need to quickly assess the attack surface for potential entry points.
Prerequisites: Incident details, affected domains
# Set up incident investigation
INCIDENT_ID="INC-2025-001"
AFFECTED_DOMAIN="compromised.com"
INVESTIGATION_DIR="incident_${INCIDENT_ID}_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$INVESTIGATION_DIR"
cd "$INVESTIGATION_DIR"
# Document incident
cat > incident_details.txt << EOF
Incident ID: $INCIDENT_ID
Affected Domain: $AFFECTED_DOMAIN
Investigation Started: $(date)
Investigator: $(whoami)
EOF
# Rapid subdomain discovery
echo "🔍 Rapid asset discovery..."
subfinder -d "$AFFECTED_DOMAIN" -all -silent > subdomains.txt
amass enum -passive -d "$AFFECTED_DOMAIN" -timeout 5 -o subdomains_amass.txt
# Combine results
cat subdomains*.txt | sort -u > all_assets.txt
echo "Found $(wc -l < all_assets.txt) total assets"