Passive information gathering

What passive information?

  • IP addresses, DNS, domain names and domain ownership

  • Email addresses, social media profiles

  • Web technologies, subdomains

TOOLS TO GATHER INFORMATION PASSIVELY:-

  1. host command:- host <HOST>

  2. robots.txt

  3. sitemap.xml

  4. whatweb :- whatweb <HOST> Displays the technologies used by the website

  5. whois :- whois <HOST> Displays the registration information about the target domain, such as the date of registration, the owner, the owner's email address, etc.

  6. Netcraft website :- Displays the following information in a readable format

  • Background

  • Network: domain IP address, Nameserver, Domain registrar, IP delegation

  • SSL/TLS Certificate: Issuer, Validity, Transparency, vulnerabilities

  • Hosting History

  • Web Trackers

  • Site Technology: Server-Side, Client-Side, Frameworks, etc

  7. dnsrecon :- a Python script that performs NS/DNS record enumeration, record lookups, subdomain brute force, etc. Use the following command:- dnsrecon -d <domain name>

  8. wafw00f :- Displays whether the target is behind a web application firewall (WAF) or not

  9. sublist3r :- subdomain enumeration. Command:- sublist3r -d <domain name>
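Items 2 and 3 above (robots.txt and sitemap.xml) are files a site publishes about itself, so they are also the first place to audit what your own site advertises. The following is an added example, not part of the original notes: it parses constructed copies of both files and merges every URL they disclose into one list; SAMPLE_ROBOTS, SAMPLE_SITEMAP and the host https://example.com are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin
# Constructed sample inputs (not taken from any real site). In practice these
# would be fetched from https://<host>/robots.txt and https://<host>/sitemap.xml.
SAMPLE_ROBOTS = """# constructed sample robots.txt
User-agent: *
Disallow: /admin/
Disallow: /backup/   # old database exports
Allow: /public/
Sitemap: https://example.com/sitemap.xml
"""
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://example.com/staging/login</loc></url>
</urlset>
"""

def parse_robots(text):
    """Return the Disallow, Allow and Sitemap entries found in a robots.txt body."""
    result = {"disallow": [], "allow": [], "sitemaps": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if ":" not in line:
            continue  # blank line, comment-only line or malformed record
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "disallow" and value:
            result["disallow"].append(value)
        elif key == "allow" and value:
            result["allow"].append(value)
        elif key == "sitemap" and value:
            result["sitemaps"].append(value)
    return result

def parse_sitemap(xml_text):
    """Return every <loc> URL in a sitemap; matching on the local tag name ignores the namespace."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "loc" and el.text]

def disclosed_urls(base_url, robots_text, sitemap_text):
    """Merge both sources into one sorted list of absolute URLs the site itself publishes."""
    robots = parse_robots(robots_text)
    urls = {urljoin(base_url, path) for path in robots["disallow"] + robots["allow"]}
    urls.update(parse_sitemap(sitemap_text))
    return sorted(urls)

if __name__ == "__main__":
    print(*disclosed_urls("https://example.com/", SAMPLE_ROBOTS, SAMPLE_SITEMAP), sep="\n")
```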
