Information Gathering

Passive Gathering

Netcraft

https://searchdns.netcraft.com/?restriction=site+contains&host=megacorpone.com

Shodan

# Banner Lookup
megacorpone.com

# Reverse DNS Lookup
hostname:megacorpone.com

# SSL Cert Lookup
ssl.cert.subject.cn:megacorpone.com

# Result
https://www.shodan.io/host/66.70.207.180
https://www.shodan.io/host/51.79.37.18
https://www.shodan.io/host/51.222.39.63
https://www.shodan.io/host/149.56.244.87

Web Scraping

# Manual
https://dns.bufferover.run/dns?q=megacorpone.com
https://api.hackertarget.com/hostsearch/?q=megacorpone.com
https://rapiddns.io/subdomain/megacorpone.com
https://jldc.me/anubis/subdomains/megacorpone.com
https://api.sublist3r.com/search.php?domain=megacorpone.com

# Auto
amass enum -passive -d megacorpone.com -src

Linkedin

https://www.linkedin.com/search/results/companies/?keywords=megacorpone

Active Gathering

DNS

dig megacorpone.com any

Zone Transfer

host -t NS megacorpone.com | cut -d " " -f 4 | while read line;
do
host -t AXFR megacorpone.com $line;
done

Brute Force

wget https://raw.githubusercontent.com/rbsec/dnscan/master/subdomains-10000.txt
gobuster dns -d megacorpone.com -w subdomains-10000.txt

Resolving

cat hosts.txt | while read line;
do
host $line | grep "has address" | cut -d " " -f 1,4;
done
PreviousPenetration TestingNextScanning

Last updated