Information Gathering

Information gathering refers to collecting information about the person, company or system that you are targeting.

Types of Information Gathering:

What information to collect?


Passive Information Gathering

Web Recon and Footprinting

Web reconnaissance and footprinting focuses on gathering information about a website.

Domain Information gathering

Read DNS

Whois

Command-line tool to gather registration and DNS information about a host or domain.

whois hostname

Netcraft

DNSRecon

To find information regarding domain

dnsrecon -d domain_name

crt.sh

Gathers subdomains of a domain from publicly logged TLS certificates (certificate transparency logs).

Sublist3r

To identify subdomains of given domain

sublist3r -d domain_name
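Both crt.sh and Sublist3r give you a raw list of certificate names; the useful next step is to normalise it into a deduplicated inventory of names under your apex and compare it with what you believe you publish. The script below is an added example, not code from these notes, from crt.sh or from Sublist3r. It assumes the crt.sh JSON shape (a list of records whose "name_value" field holds newline-separated certificate names) and uses constructed sample records so it runs offline.

```python
import json
import re

# Constructed sample in the shape of crt.sh's JSON output (assumed: a list of
# records whose "name_value" holds the certificate names, newline-separated).
# Not a real crt.sh response.
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "www.example.com", "name_value": "www.example.com\nexample.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com"},
    {"common_name": "mail.example.com", "name_value": "mail.example.com\nWWW.EXAMPLE.COM"},
    {"common_name": "dev.example.com", "name_value": "dev.example.com\nstaging.example.com"},
    # A lookalike registered under another apex; a naive substring match would keep it.
    {"common_name": "example.com.evil.test", "name_value": "example.com.evil.test"},
])

# RFC 1123-style hostname check: labels of letters, digits and hyphens, joined by dots.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$")


def extract_subdomains(crtsh_json: str, apex: str) -> set:
    """Return the set of names at or under `apex` found in crt.sh JSON."""
    apex = apex.lower().rstrip(".")
    found = set()
    for record in json.loads(crtsh_json):
        for raw in record.get("name_value", "").splitlines():
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):
                # A wildcard certificate tells you the base name exists, not any host.
                name = name[2:]
            # Suffix match on ".apex" (or the apex itself) rather than a substring
            # match, so "example.com.evil.test" is not mistaken for a subdomain.
            if (name == apex or name.endswith("." + apex)) and HOSTNAME_RE.match(name):
                found.add(name)
    return found


def unexpected_names(found: set, expected: set) -> set:
    """Names present in CT logs but absent from the asset inventory you maintain."""
    return found - {n.lower().rstrip(".") for n in expected}


if __name__ == "__main__":
    names = extract_subdomains(SAMPLE_CRTSH_JSON, "example.com")
    for n in sorted(names):
        print(n)
    # Assumed inventory of hosts you know you publish.
    known = {"www.example.com", "example.com", "mail.example.com"}
    print("not in inventory:", sorted(unexpected_names(names, known)))
```

Names that show up in certificate transparency but not in your inventory (here dev and staging) are exactly what an attacker sees first, so they are the ones to review for exposure or decommissioning.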

Web Application Firewall (WAF) detection

To detect the web application firewall in front of a site.

wafw00f domain

Google Dork

Read Google_Dorking

examples: site:site_name, intitle:"index of", cache:site_name

Google Hacking Database (GHDB)

A database of interesting Google dorks.

Wayback machine

To view archived previous versions of websites and extract information from them.

Email Harvesting

theHarvester

Leaked password

haveibeenpwned.com

To find whether passwords or email addresses were leaked in breaches, and to gather information about the breaches that occurred.


Active Information Gathering

Read DNS

DNS Zone Transfer

DNS Zone Transfer: the process of copying zone files from one DNS server to another.


dig

DNS Zone Transfer using dig

dig axfr @nameserver domain_name

dnsenum

Enumerates publicly available DNS information, attempts zone transfers and brute-forces subdomains.

dnsenum domain_name
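The dig, dnsenum and fierce steps above all begin by asking a nameserver for an AXFR. On the server side that request is logged, which makes it a cheap detection: any zone-transfer request from a host that is not one of your secondaries is reconnaissance, and a completed transfer to such a host means allow-transfer is too permissive. The script below is an added example, not code from these notes or from any of the tools named. It assumes BIND 9 query and xfer-out log lines in the default format and an allow-list of secondary nameservers; the log lines are constructed samples.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed BIND 9 log lines (query and xfer-out categories), not from a real
# server. Format assumed from BIND's default query/transfer log messages.
SAMPLE_BIND_LOG = """\
13-Mar-2024 10:15:30.123 client @0x7f8b2c0a1b40 192.0.2.53#40011 (example.com): query: example.com IN AXFR -E(0)T (192.0.2.10)
13-Mar-2024 10:15:30.125 client @0x7f8b2c0a1b40 192.0.2.53#40011 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031301)
13-Mar-2024 10:16:02.481 client @0x7f8b2c0a1c20 203.0.113.5#51234 (example.com): query: example.com IN AXFR -E(0)T (192.0.2.10)
13-Mar-2024 10:16:02.482 client @0x7f8b2c0a1c20 203.0.113.5#51234 (example.com): zone transfer 'example.com/IN' denied
13-Mar-2024 10:16:40.007 client @0x7f8b2c0a1d00 198.51.100.9#44444 (www.example.com): query: www.example.com IN A -E(0)K (192.0.2.10)
13-Mar-2024 10:17:11.900 client @0x7f8b2c0a1e80 203.0.113.77#60001 (example.com): query: example.com IN AXFR -E(0)T (192.0.2.10)
13-Mar-2024 10:17:11.902 client @0x7f8b2c0a1e80 203.0.113.77#60001 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031301)
"""

# Assumed: the only hosts that should ever pull the zone are the secondaries in this range.
ALLOWED_SECONDARIES = [ip_network("192.0.2.0/24")]

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
AXFR_QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) " + CLIENT + r"query: (?P<zone>\S+) IN (?P<qtype>AXFR|IXFR)")
XFER_STARTED_RE = re.compile(
    r"^(?P<ts>\S+ \S+) " + CLIENT + r"transfer of '(?P<zone>[^/']+)/IN': AXFR started")


def is_allowed(ip: str, allowed=ALLOWED_SECONDARIES) -> bool:
    """True when the client address belongs to a known secondary range."""
    addr = ip_address(ip)
    return any(addr in net for net in allowed)


def find_axfr_alerts(log_text: str, allowed=ALLOWED_SECONDARIES) -> list:
    """Flag zone-transfer requests, and completed transfers, from non-secondaries."""
    alerts = []
    for line in log_text.splitlines():
        m = AXFR_QUERY_RE.match(line)
        if m:
            if not is_allowed(m["ip"], allowed):
                # Any unauthorised AXFR attempt is reconnaissance worth recording,
                # even when BIND goes on to deny it.
                alerts.append({"time": m["ts"], "ip": m["ip"], "zone": m["zone"],
                               "event": "axfr_requested", "severity": "medium"})
            continue
        m = XFER_STARTED_RE.match(line)
        if m and not is_allowed(m["ip"], allowed):
            # The zone actually left the server: allow-transfer is too permissive.
            alerts.append({"time": m["ts"], "ip": m["ip"], "zone": m["zone"],
                           "event": "axfr_succeeded", "severity": "high"})
    return alerts


if __name__ == "__main__":
    for a in find_axfr_alerts(SAMPLE_BIND_LOG):
        print(f"{a['time']} {a['severity']:6} {a['event']:15} {a['ip']} zone={a['zone']}")
```

On the sample the authorised secondary at 192.0.2.53 produces nothing, the denied attempt from 203.0.113.5 is recorded as a request, and 203.0.113.77 gets both a request and a high-severity "succeeded" alert, the one that should trigger a review of the allow-transfer setting.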

fierce

fierce --domain domain_name (the older Perl fierce.pl used -dns domain_name)

Nmap

Read nmap, hping3

To enumerate active machines with a ping scan and gather their IP addresses.
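The same ping sweep that gives an attacker a target list gives a defender an asset list. Turning nmap's XML output into live-host records and diffing them against an inventory surfaces forgotten or rogue devices. The script below is an added example, not code from these notes or from the nmap project. It assumes nmap's XML output for a ping scan (host, status, address and hostnames elements) and an inventory mapping IP to description; the XML is a constructed sample, not real scan output.

```python
import xml.etree.ElementTree as ET

# Constructed nmap XML output for a ping scan of a small range; not real scan output.
SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sn -oX - 192.168.1.0/29" start="1710324930" version="7.94">
<host><status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac" vendor="Example Vendor"/>
<hostnames><hostname name="gw.lan" type="PTR"/></hostnames>
</host>
<host><status state="down" reason="no-response" reason_ttl="0"/>
<address addr="192.168.1.2" addrtype="ipv4"/>
</host>
<host><status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<address addr="00:11:22:33:44:66" addrtype="mac" vendor="Example Vendor"/>
<hostnames><hostname name="files.lan" type="PTR"/></hostnames>
</host>
<host><status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.1.37" addrtype="ipv4"/>
<address addr="de:ad:be:ef:00:01" addrtype="mac"/>
<hostnames/>
</host>
<runstats><finished time="1710324932" elapsed="1.90"/><hosts up="3" down="1" total="4"/></runstats>
</nmaprun>
"""

# Assumed asset inventory: IP -> owner/description.
KNOWN_ASSETS = {"192.168.1.1": "gateway", "192.168.1.10": "file server"}


def live_hosts(nmap_xml: str) -> list:
    """Parse nmap XML and return one dict per host that answered the ping scan."""
    root = ET.fromstring(nmap_xml)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = host.findall("address")
        ipv4 = next((a.get("addr") for a in addrs if a.get("addrtype") == "ipv4"), None)
        mac = next((a for a in addrs if a.get("addrtype") == "mac"), None)
        ptr = host.find("hostnames/hostname")
        hosts.append({
            "ip": ipv4,
            "mac": mac.get("addr") if mac is not None else None,
            "vendor": mac.get("vendor") if mac is not None else None,
            "hostname": ptr.get("name") if ptr is not None else None,
            "reason": status.get("reason"),   # how nmap decided the host is up
        })
    return hosts


def unknown_hosts(hosts: list, inventory: dict) -> list:
    """Live IPs absent from the inventory: candidates for rogue or forgotten devices."""
    return sorted(h["ip"] for h in hosts if h["ip"] not in inventory)


if __name__ == "__main__":
    hosts = live_hosts(SAMPLE_NMAP_XML)
    for h in hosts:
        print(h["ip"], h["hostname"] or "-", h["mac"] or "-", h["vendor"] or "-", h["reason"])
    print("not in inventory:", unknown_hosts(hosts, KNOWN_ASSETS))
```

The unknown-host list is the actionable output: in the sample, 192.168.1.37 answers ARP, has no PTR record and an unrecognised MAC vendor, and is not in the inventory, which is the profile of a device nobody has accounted for.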