
ysatvilkar | Advanced Penetration Testing | Module 4 - Information Gathering

By: yog_sat | Related Course: Advanced Penetration Testing | Published: August 7, 2017 | Modified: August 7, 2017

Info Gathering - Domain

whois domainname
whois bulbsecurity.com
whois georgiaweidman.com

Use nslookup or host to get more information about a domain and its subdomains
nslookup www.bulbsecurity.com

*Find mail servers
>set type=MX

*Find DNS servers
>set type=NS

*Find all hosts/records
Zone transfer (AXFR): ask each authoritative DNS server for a copy of the whole zone

host -t ns bulbsecurity.com (it gives the names of the domain's DNS servers)
host -l bulbsecurity.com DNS_Server_Name1
host -l bulbsecurity.com DNS_Server_Name2

Sample –
host -t ns zonetransfer.me
host -l zonetransfer.me DNS_Server_Name1

If the server permits the transfer, it lists all hosts in the zone.
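The two-step check above (list the nameservers, then try `host -l` against each one) is easy to script. The following is an added example, not part of the original notes, for auditing whether your own domain's nameservers still answer full zone transfers. It assumes the `host` output formats shown in the comments; the sample outputs, `example.com`, `ns1.example.com` and `ns2.example.com` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original notes): parse `host -t ns DOMAIN` and
# `host -l DOMAIN NAMESERVER` output and classify the result of the transfer.
# example.com / ns1.example.com / ns2.example.com are placeholders and the
# sample outputs at the bottom are constructed.

# Extract nameserver hostnames from `host -t ns DOMAIN` output.
# Lines look like: "example.com name server ns1.example.com."
nameservers_from_host_output() {
  awk '/ name server /{ sub(/\.$/, "", $NF); print $NF }'
}

# Classify the output of `host -l DOMAIN NAMESERVER`:
#   ALLOWED - the server handed over zone records (a finding to fix)
#   REFUSED - the server rejected or did not answer the transfer
#   UNKNOWN - nothing recognisable (wrong domain, typo, ...)
classify_zone_transfer_output() {
  out=$(cat)
  case "$out" in
    *"Transfer failed"*|*REFUSED*|*"connection timed out"*|*"no servers could be reached"*)
      echo REFUSED ;;
    *" has address "*|*" has IPv6 address "*|*" mail is handled by "*|*" name server "*)
      echo ALLOWED ;;
    *)
      echo UNKNOWN ;;
  esac
}

# Count the A/AAAA records a successful transfer exposed.
count_transferred_hosts() {
  grep -c -E ' has (IPv6 )?address ' || true
}

# Live check: needs network access and the `host` binary; not run below.
# Usage: audit_zone_transfer yourdomain.example
audit_zone_transfer() {
  domain=$1
  host -t ns "$domain" | nameservers_from_host_output | while read -r ns; do
    result=$(host -l "$domain" "$ns" 2>&1 | classify_zone_transfer_output)
    echo "$domain @ $ns: $result"
  done
}

# Constructed sample outputs, shaped like what the two commands print.
SAMPLE_NS='example.com name server ns1.example.com.
example.com name server ns2.example.com.'

SAMPLE_AXFR_OK='Using domain server:
Name: ns1.example.com
Address: 192.0.2.53#53
Aliases:

example.com name server ns1.example.com.
example.com has address 192.0.2.10
www.example.com has address 192.0.2.11
mail.example.com has address 192.0.2.12
example.com mail is handled by 10 mail.example.com.'

SAMPLE_AXFR_REFUSED='; Transfer failed.'

# Offline demonstration on the constructed samples.
demo() {
  printf '%s\n' "$SAMPLE_NS" | nameservers_from_host_output | while read -r ns; do
    echo "nameserver: $ns"
  done
  echo "ns1 result: $(printf '%s\n' "$SAMPLE_AXFR_OK" | classify_zone_transfer_output)"
  echo "ns1 hosts exposed: $(printf '%s\n' "$SAMPLE_AXFR_OK" | count_transferred_hosts)"
  echo "ns2 result: $(printf '%s\n' "$SAMPLE_AXFR_REFUSED" | classify_zone_transfer_output)"
}

demo
```

A nameserver that reports ALLOWED is leaking the whole zone to anyone who asks; the fix is to restrict AXFR to the secondaries that need it (for example BIND's `allow-transfer`) and rerun the audit.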

fierce tool – Perl script
fierce -dns Microsoft.com

Information Gathering (part 4) recon-ng

recon-ng in Kali
It's similar to Metasploit

Google dorks – Google hacking (search queries that surface exposed information)

A Google search technique for finding more details about a target; the Google Hacking Database is currently maintained by Exploit-DB.

Information Gathering (part 5) NMAP

TCP SYN Scan – nmap -sS IP_Address -p port
UDP Scan – nmap -sU IP_Address -p port

Version Scan – nmap -sV IP_Address

nmap -sV -p port IP_Address
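The version scan prints a port table that is worth checking against what a host is supposed to expose. The script below is an added example, not part of the original notes: it parses the `PORT STATE SERVICE VERSION` rows of nmap's normal output and lists open ports that are missing from an expected baseline. The scan output and the address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): parse the port table printed by
# `nmap -sV` and compare open ports against an expected baseline so unexpected
# listeners on your own hosts stand out. SAMPLE_SCAN and 192.0.2.10 are constructed.

# Print "port/proto service version" for every open port in nmap normal output.
# Table rows look like: "22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)".
# Rows whose state is not exactly "open" (closed, filtered, open|filtered) are skipped.
open_ports_from_nmap_output() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
         line = $0
         sub(/^[^ ]+ +[^ ]+ +[^ ]+ */, "", line)   # drop port, state, service columns
         if (line == "") print $1, $3
         else print $1, $3, line
       }'
}

# Report open ports absent from the expected list, given as "22/tcp 443/tcp".
unexpected_open_ports() {
  expected=$1
  open_ports_from_nmap_output | awk -v expected="$expected" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    !($1 in ok) { print $1 }'
}

# Constructed sample of `nmap -sV 192.0.2.10` output.
SAMPLE_SCAN='Starting Nmap ( https://nmap.org )
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE  VERSION
22/tcp   open     ssh      OpenSSH 7.4 (protocol 2.0)
80/tcp   open     http     Apache httpd 2.4.6
443/tcp  open     ssl/http Apache httpd 2.4.6
3306/tcp filtered mysql
8080/tcp open     http-proxy

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .'

demo() {
  echo "open ports:"
  printf '%s\n' "$SAMPLE_SCAN" | open_ports_from_nmap_output
  echo "unexpected (baseline 22/tcp 80/tcp 443/tcp):"
  printf '%s\n' "$SAMPLE_SCAN" | unexpected_open_ports "22/tcp 80/tcp 443/tcp"
}

demo
```

Run a real scan with `nmap -sV IP_Address > scan.txt` and pipe the file through `unexpected_open_ports` with your baseline; anything printed is a listener nobody planned for.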
