Reconnaissance

00. Basic

https://docs.reconness.com/
https://coggle.it/diagram/XepDvoXedGCjPc1Y/t/enumeration-mindmap
https://www.xmind.net/m/5dypm8/#

01. Passive Recon

  • Manual

## ------------------| Get information about IPv4/IPv6 addresses and the mail server address.
whois h4rithd.com
host h4rithd.com
nslookup h4rithd.com
traceroute h4rithd.com

## ------------------| Enumerate DNS / NS Information
dnsrecon -d h4rithd.com
dig h4rithd.com
dig h4rithd.com MX             ## List Mail server records
dig h4rithd.com NS             ## List NameServer records
dig h4rithd.com ANY            ## List all records
dig @8.8.8.8 h4rithd.com ANY   ## Using google dns server

## ------------------| DNS Zone Transfer
dnsrecon -d h4rithd.com -t axfr

## ------------------| Check waf
wafw00f h4rithd.com

## ------------------| Interesting Sites
https://dnsdumpster.com/
https://sitereport.netcraft.com/?url=h4rithd.com

## ------------------| Identify web technology
whatweb h4rithd.com

## ------------------| OSINT on domain
theHarvester -b crtsh,dnsdumpster,duckduckgo,google,hackertarget,linkedin,linkedin_links,twitter,trello -d dialog.com

## ------------------| Subdomain enumeration
knockpy dialog.lk
sublist3r -d h4rithd.com
fierce --domain h4rithd.com

## ------------------| Subdomain enumeration from Certificate Transparency
## name_value holds every SAN in the certificate, newline-separated; jq -r emits real newlines, so no awk gsub is needed
curl -s 'https://crt.sh/?q=h4rithd.com&output=json' | jq -r '.[].name_value' | sort -u

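The crt.sh one-liner above leans on grep and cut. As an added example (not part of the original notes), the same extraction in Python, run against a constructed crt.sh-shaped sample so it works offline, and extended with an asset-inventory comparison so a defender monitoring CT logs for their own domain can spot certificates issued for hostnames they do not know about. `SAMPLE_CRTSH_JSON`, the `old-staging` host and the inventory set are all made up for the example.

```python
import json
import sys
import urllib.request

# Constructed sample shaped like crt.sh's ?q=<domain>&output=json response
# (invented for this example, not a real query result).
SAMPLE_CRTSH_JSON = """[
  {"common_name": "h4rithd.com", "name_value": "h4rithd.com\\nwww.h4rithd.com"},
  {"common_name": "*.h4rithd.com", "name_value": "*.h4rithd.com\\nh4rithd.com"},
  {"common_name": "mail.h4rithd.com", "name_value": "Mail.H4rithd.com\\nold-staging.h4rithd.com"},
  {"common_name": "h4rithd.com.other.example", "name_value": "h4rithd.com.other.example"}
]"""


def hostnames_from_crtsh(raw_json, domain):
    """Return sorted unique hostnames under `domain` from a crt.sh JSON response."""
    domain = domain.lower().strip(".")
    found = set()
    for entry in json.loads(raw_json):
        # name_value lists every SAN in the certificate, separated by newlines
        for name in entry.get("name_value", "").split("\n"):
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # a wildcard cert still shows the parent is in scope
            # keep only names inside the target domain rather than trusting the query match
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return sorted(found)


def unexpected_hosts(found, inventory):
    """Hostnames present in CT logs but absent from the asset inventory."""
    known = {h.lower().rstrip(".") for h in inventory}
    return sorted(h for h in found if h not in known)


def fetch_crtsh(domain):
    """Fetch the live crt.sh JSON for `domain` (only used when a domain is passed)."""
    url = "https://crt.sh/?q=%s&output=json" % domain
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    raw = fetch_crtsh(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CRTSH_JSON
    hosts = hostnames_from_crtsh(raw, sys.argv[1] if len(sys.argv) > 1 else "h4rithd.com")
    inventory = {"h4rithd.com", "www.h4rithd.com", "mail.h4rithd.com"}  # constructed
    print("\n".join(hosts))
    print("not in inventory:", unexpected_hosts(hosts, inventory))
```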
  • Automation
