lsec0ni | Advanced Penetration Testing | Module 4 - Information Gathering

By: lsec0ni | Related Course: Advanced Penetration Testing | Published: January 18, 2017 | Modified: January 20, 2017

Information Gathering (part 2) Domain Name Services


Domain by proxy (WHOIS privacy): the registrant pays extra so the public WHOIS record shows the proxy service's contact details instead of the real registrant name, organisation, address, phone and email. Expect it on any target that has paid for it; the record then tells you little beyond the registrar and dates.


In nslookup, pick the record type before querying the domain:

for mail servers, set type=mx

for name servers, set type=ns

Zone files / zone transfer (AXFR): a zone transfer copies the whole zone, i.e. every DNS record for the domain, from the primary name server to the secondaries. It should be restricted to the IP addresses of the secondaries (in practice turned off for everyone else); if any client can request it, an attacker gets a complete list of the organisation's hostnames and addresses straight from DNS, with no scanning or guessing needed.

How to check whether a target domain allows zone transfers (zonetransfer.me is a domain set up deliberately to allow them, so it is safe to practise on):

1. Find the domain's name servers:

host -t ns zonetransfer.me

2. Try a zone transfer against one of those name servers (repeat for each one; a secondary is often still open when the primary has been locked down):

host -l zonetransfer.me (nameserver)

If the transfer is allowed, host lists every record in the zone; if it is refused you get an error line ("Transfer failed") instead.
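The two steps above, scripted as an added example that is not part of the original notes or course material: the script drives the same host commands, parses their output, and tests every name server separately. The domain target.example, its name servers ns1/ns2.target.example, and the host-style output in the SAMPLE_* constants are constructed for the offline demo, not real results; given a domain on the command line it queries real DNS instead.

```python
"""Open zone transfer check: the same two `host` steps, scripted.
Added example for these notes (not Cybrary/course code)."""
import json
import re
import subprocess
import sys
from typing import Callable, Dict, List, Tuple

# A Runner takes the argument list for `host` and returns its text output.
# It is injectable so the parsing can be exercised offline with sample output.
Runner = Callable[[List[str]], str]


def run_host(args: List[str]) -> str:
    """Run the real `host` binary. A refused transfer is reported as text
    (non-zero exit, no exception), so stdout and stderr are merged."""
    proc = subprocess.run(["host", *args], capture_output=True, text=True, timeout=60)
    return proc.stdout + proc.stderr


# Record lines as printed by host(1); trailing dots on names are optional.
RECORD_LINES = (
    (re.compile(r"^(\S+?)\.? has address (\S+)$"), "A"),
    (re.compile(r"^(\S+?)\.? has IPv6 address (\S+)$"), "AAAA"),
    (re.compile(r"^(\S+?)\.? name server (\S+?)\.?$"), "NS"),
    (re.compile(r"^(\S+?)\.? mail is handled by \d+ (\S+?)\.?$"), "MX"),
)


def parse_records(output: str) -> Dict[str, List[Tuple[str, str]]]:
    """Turn host output into {owner name: [(type, value), ...]}. The
    'Using domain server:' preamble and error lines match nothing, so a
    refused transfer simply yields an empty dict."""
    records: Dict[str, List[Tuple[str, str]]] = {}
    for line in output.splitlines():
        line = line.strip()
        for pattern, rtype in RECORD_LINES:
            m = pattern.match(line)
            if m:
                records.setdefault(m.group(1).lower(), []).append((rtype, m.group(2).lower()))
                break
    return records


def parse_nameservers(domain: str, output: str) -> List[str]:
    """Step 1: the NS targets for `domain` from `host -t ns <domain>`."""
    return [value for rtype, value in parse_records(output).get(domain.lower(), [])
            if rtype == "NS"]


def check_zone_transfer(domain: str, run: Runner = run_host) -> dict:
    """Step 2, against every name server: secondaries are often left open
    when the primary is locked down, so each one is tested on its own."""
    nameservers = parse_nameservers(domain, run(["-t", "ns", domain]))
    servers, hosts = {}, set()
    for ns in nameservers:
        zone = parse_records(run(["-l", domain, ns]))
        servers[ns] = {"allowed": bool(zone), "records": sum(len(v) for v in zone.values())}
        hosts.update(zone)
    return {"nameservers": nameservers, "servers": servers, "hosts": sorted(hosts)}


# --- Constructed sample output for an offline run (hypothetical domain). ---
SAMPLE_NS_OUTPUT = (
    "target.example name server ns1.target.example.\n"
    "target.example name server ns2.target.example.\n"
)
SAMPLE_TRANSFER_ALLOWED = (
    "Using domain server:\nName: ns1.target.example\nAddress: 192.0.2.1#53\nAliases: \n\n"
    "target.example name server ns1.target.example.\n"
    "target.example has address 192.0.2.10\n"
    "www.target.example has address 192.0.2.10\n"
    "vpn.target.example has address 198.51.100.5\n"
    "target.example mail is handled by 10 mail.target.example.\n"
)
SAMPLE_TRANSFER_REFUSED = (
    "Using domain server:\nName: ns2.target.example\nAddress: 192.0.2.2#53\nAliases: \n\n"
    "; Transfer failed.\n"
)


def sample_runner(args: List[str]) -> str:
    """Stand-in for run_host: ns1 is misconfigured (open), ns2 refuses."""
    if args[0] == "-t":
        return SAMPLE_NS_OUTPUT
    return SAMPLE_TRANSFER_ALLOWED if args[2] == "ns1.target.example" else SAMPLE_TRANSFER_REFUSED


def demo() -> dict:
    return check_zone_transfer("target.example", run=sample_runner)


if __name__ == "__main__":
    # With a domain argument this queries real DNS via host(1); without one it
    # runs the offline demo against the constructed sample output.
    result = check_zone_transfer(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(json.dumps(result, indent=2))
```

The "allowed" flag is derived from whether any records came back rather than from the exit status, because host prints the refusal as text and the exact wording varies between versions. If host is not installed, dig axfr zonetransfer.me @nameserver performs the same step 2 query, but its output format differs and the parser above would need adjusting.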

fierce = automated DNS enumeration tool for finding the hosts in a domain: it looks up the domain's name servers, attempts a zone transfer against each of them, and when that is refused falls back to brute-forcing hostnames from a wordlist

e.g. > fierce -dns microsoft.com

(that is the syntax of the original Perl version; the Python rewrite takes --domain instead of -dns)


Information Gathering (part 3) Targeting

1. Finding target email addresses for future attacks (e.g. phishing)

theHarvester = queries search engines and other public sources for email addresses, subdomains and hostnames belonging to the target domain.

2. netcraft.com = its site report shows the hosting provider and netblock, the web server and other technologies used by a site, and the site's hosting history

3. Maltego = GUI link-analysis tool; start from an entity (domain, person, email address) and run transforms to discover related entities and see how they connect to the target

4. shodan = search engine for exposed devices (IoT, webcams, industrial systems, servers); it works by scanning the internet, grabbing the banners that services return, and indexing them, so you search service banners rather than web content
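Banner grabbing is the mechanism behind Shodan-style search: connect to a port, take whatever the service announces, and fingerprint it. The following is an added example, not code from the original notes, the course, or Shodan: a small grabber that sends a protocol-appropriate probe, then classifies SSH, HTTP, FTP and SMTP banners. The FakeSocket class, the 192.0.2.x addresses and the banners in SAMPLE_SERVICES are constructed so the demo runs offline; passing the real socket.create_connection (the default) grabs banners from live hosts.

```python
"""Banner grabbing, the mechanism behind Shodan-style device search.
Added example for these notes (not Cybrary/course or Shodan code)."""
import socket
from typing import Dict, Iterable, Tuple

# What to send so the service identifies itself. Empty bytes means the
# server speaks first (FTP, SSH, SMTP), so the grabber only reads.
PROBES: Dict[int, bytes] = {
    21: b"",
    22: b"",
    25: b"",
    80: b"HEAD / HTTP/1.0\r\n\r\n",
    8080: b"HEAD / HTTP/1.0\r\n\r\n",
}


def grab_banner(host: str, port: int, connect=socket.create_connection,
                timeout: float = 3.0) -> str:
    """Connect, send the port's probe (if any) and return what the service says first."""
    sock = connect((host, port), timeout)
    try:
        sock.settimeout(timeout)
        probe = PROBES.get(port, b"")
        if probe:
            sock.sendall(probe)
        try:
            data = sock.recv(1024)
        except socket.timeout:  # silent service: nothing to fingerprint
            data = b""
    finally:
        sock.close()
    return data.decode("latin-1", errors="replace")


def fingerprint(banner: str) -> Dict[str, str]:
    """Classify a banner by its opening bytes and pull out the product string,
    which is the part a banner search engine indexes and lets you query on."""
    first = banner.split("\n", 1)[0].strip()
    if first.startswith("SSH-"):  # SSH-<proto>-<software>
        parts = first.split("-", 2)
        return {"service": "ssh", "product": parts[2] if len(parts) == 3 else ""}
    if first.startswith("HTTP/"):  # status line, then headers
        server = ""
        for line in banner.splitlines():
            if line.lower().startswith("server:"):
                server = line.split(":", 1)[1].strip()
        return {"service": "http", "product": server}
    if first.startswith("220"):  # FTP and SMTP both greet with 220
        text = first[4:]
        return {"service": "smtp" if "SMTP" in text.upper() else "ftp", "product": text}
    return {"service": "unknown", "product": first[:60]}


def survey(targets: Iterable[Tuple[str, int]],
           connect=socket.create_connection) -> Dict[Tuple[str, int], Dict[str, str]]:
    """Grab and fingerprint every (host, port); closed or unreachable ports are skipped."""
    results = {}
    for host, port in targets:
        try:
            banner = grab_banner(host, port, connect=connect)
        except OSError:
            continue
        results[(host, port)] = fingerprint(banner)
    return results


# --- Constructed offline stand-ins (hypothetical hosts in the 192.0.2.0/24 documentation range). ---
class FakeSocket:
    def __init__(self, reply: bytes):
        self.reply = reply

    def settimeout(self, timeout):
        pass

    def sendall(self, data):
        pass

    def recv(self, size):
        return self.reply[:size]

    def close(self):
        pass


SAMPLE_SERVICES = {
    ("192.0.2.10", 22): b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    ("192.0.2.10", 80): b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Type: text/html\r\n\r\n",
    ("192.0.2.11", 21): b"220 (vsFTPd 3.0.3)\r\n",
    ("192.0.2.11", 25): b"220 mail.target.example ESMTP Postfix\r\n",
}


def sample_connect(address, timeout=None):
    """Replaces socket.create_connection; an unknown address behaves as connection refused."""
    if address not in SAMPLE_SERVICES:
        raise ConnectionRefusedError(address)
    return FakeSocket(SAMPLE_SERVICES[address])


def demo():
    targets = sorted(SAMPLE_SERVICES) + [("192.0.2.11", 8080)]  # last one is closed
    return survey(targets, connect=sample_connect)


if __name__ == "__main__":
    for (host, port), info in demo().items():
        print(f"{host}:{port}  {info['service']:7} {info['product']}")
```

The product strings this returns (OpenSSH_8.9p1, nginx/1.18.0, vsFTPd 3.0.3) are exactly what you would search for in Shodan to find other hosts running the same version, and what a defender should expect to be visible the moment a service is reachable from the internet. Port 443 is deliberately absent from PROBES: HTTPS needs a TLS handshake before any banner appears, which is beyond this example.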


Information Gathering (part 4) recon-ng and Google dorks

recon-ng = web reconnaissance framework with a Metasploit-style console (workspaces, modules, show/use/set/run); it gathers and correlates information about a target and is not an exploitation framework

Google dorks = Google search operators such as site:, filetype:, inurl: and intitle:, combined to find exposed documents, login pages and misconfigurations that Google has already indexed for a target domain

Information Gathering (part 5) NMAP

