search
SecurityVulnerabilityTerminalCode

Passive

Obtaining information about the Target without directly interacting with it.

Google.arrow-up-right

Info: Google Dorks.arrow-up-right

Search: ExploitDBarrow-up-right - DorkSearcharrow-up-right

host <DOMAIN/IP>
nslookup <DOMAIN/IP>

hashtag
Whois

Whois is a protocol and service that allows users to look up registration information related to Internet domains and IP addresses. It provides details such as the owner's name, registration date, and expiration date.

whois <DOMAIN/IP>

Combine IPs and hostnames found with WHOIS to verify that they are owned by the organization and not outsourced to ISPs (Internet Service Providers).

hashtag
DNS

host -t <TYPE> <DOMAIN> [<DNS_SERVER>]
nslookup -query=<TYPE> <DOMAIN> [<DNS_SERVER>] 
nslookup -type=<TYPE> <DOMAIN> [<DNS_SERVER>]
dig <TYPE> <DOMAIN> [@<DNS_SERVER>]

hashtag
Subdomain

subfinderarrow-up-right

Subdomain passively via online sources. subfinder -d <DOMAIN>

hashtag
Netcraftarrow-up-right

A free web portal that performs various information gathering functions, such as discovering which technologies are running on a given website and finding which other hosts share the same IP netblock.

hashtag
Certificates

Website
Details

censys.ioarrow-up-right

Information about SSL/TLS certificates

ssllabsarrow-up-right

Online service performs a deep analysis of the configuration of any SSL web server on the public Internet

Last updated